{"draft":"draft-ietf-dnsop-cookies-10","doc_id":"RFC7873","title":"Domain Name System (DNS) Cookies","authors":["D. Eastlake 3rd","M. Andrews"],"format":["ASCII","HTML"],"page_count":"25","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Domain Name System Operations","abstract":"DNS Cookies are a lightweight DNS transaction security mechanism that\r\nprovides limited protection to DNS servers and clients against a\r\nvariety of increasingly common denial-of-service and amplification\/\r\nforgery or cache poisoning attacks by off-path attackers.  DNS\r\nCookies are tolerant of NAT, NAT-PT (Network Address Translation -\r\nProtocol Translation), and anycast and can be incrementally deployed.\r\n(Since DNS Cookies are only returned to the IP address from which\r\nthey were originally received, they cannot be used to generally track\r\nInternet users.)\r\n","pub_date":"May 2016","keywords":["denial of service","forgery","cache poisoning","off-path"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":["RFC9018"],"see_also":[],"doi":"10.17487\/RFC7873","errata_url":null}