Dear DNSOP Working Group, We would like to inform the working group that we have submitted an updated version of our draft, Considerations for Protective DNS Server Operators.
In this revision, we primarily updated the section on blocklist selection, refining the discussion and clarifying the associated considerations for operators. We welcome feedback and comments from the working group. Best regards, Mingxuan Liu [email protected] > -----原始邮件----- > 发件人: [email protected] > 发送时间:2026-01-23 07:58:54 (星期五) > 收件人: "Baojun Liu" <[email protected]>, "Chaoyi Lu" <[email protected]>, > "Haixin Duan" <[email protected]>, "Mingxuan Liu" <[email protected]> > 主题: New Version Notification for draft-liu-dnsop-protective-dns-02.txt > > A new version of Internet-Draft draft-liu-dnsop-protective-dns-02.txt has been > successfully submitted by Mingxuan Liu and posted to the > IETF repository. > > Name: draft-liu-dnsop-protective-dns > Revision: 02 > Title: Considerations for Protective DNS Server Operators > Date: 2026-01-21 > Group: Individual Submission > Pages: 22 > URL: > https://www.ietf.org/archive/id/draft-liu-dnsop-protective-dns-02.txt > Status: https://datatracker.ietf.org/doc/draft-liu-dnsop-protective-dns/ > HTML: > https://www.ietf.org/archive/id/draft-liu-dnsop-protective-dns-02.html > HTMLized: https://datatracker.ietf.org/doc/html/draft-liu-dnsop-protective-dns > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-liu-dnsop-protective-dns-02 > > Abstract: > > Protective DNS is a defense mechanism deployed on recursive resolvers > to prevent users from accessing malicious domains. For domain names > in the blocklist, it rewrites DNS resolution responses to point to > secure destinations (e.g., safe servers) to prevent users from > accessing malicious entities. > > Owing to its effective defenses against common cyber attack > behaviors—such as command-and-control (C2) communications of > malware—Protective DNS deployment has surged via various initiatives. > Not only have renowned DNS service providers adopted this defense, > but some countries have also launched national-scale deployments. > Meanwhile, studies analyzing Protective DNS have identified > implementation diversity. > > Thus, this document aims to provide specific operational and security > considerations for Protective DNS. It is intended primarily for > entities seeking to deploy Protective DNS for defensive purposes, > offering deployment and security considerations. > > > > The IETF Secretariat > _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
