DNS over DTLS
E208754
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNS over DTLS canonical | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf | DNS security mechanism; network security protocol |
| aimsTo | improve privacy of DNS; prevent DNS traffic analysis on content |
| belongsTo | DNS privacy technologies |
| canBeUsedBy | recursive resolvers; stub resolvers |
| canCoexistWith | DNSSEC |
| canSupport | mutual authentication |
| canUse | DTLS (surface form: DTLS 1.2); DTLS (surface form: DTLS 1.3) |
| doesNotProvide | origin authentication of DNS data like DNSSEC |
| encapsulates | DNS messages inside DTLS records |
| isAlternativeTo | DNS over HTTPS; DNS over TLS |
| isBasedOn | TLS |
| isDefinedIn | IETF draft documents |
| isDesignedFor | securing DNS over unreliable transports |
| isDesignedTo | minimize connection setup overhead compared to TCP-based solutions |
| isLessDeployedThan | DNS over HTTPS; DNS over TLS |
| isMaintainedBy | IETF community (surface form: IETF DNS and TLS communities) |
| isSuitableFor | environments where UDP is preferred over TCP |
| isVulnerableTo | UDP-based denial-of-service issues |
| mayUse | pre-shared keys |
| operatesAtLayer | transport layer |
| preservesProperty | connectionless communication; low latency |
| protectsAgainst | on-path tampering with DNS messages; passive eavesdropping on DNS traffic |
| providesProperty | authentication; confidentiality; integrity |
| requires | DTLS handshake; DTLS version negotiation; certificate-based server authentication |
| secures | DNS queries; DNS responses |
| stillLeaks | IP header metadata; packet size information |
| supports | client-to-recursive-resolver communication; recursive-resolver-to-authoritative-server communication |
| supportsFeature | retransmission at DTLS layer; session resumption |
| usesPortTypically | UDP port 853 |
| usesProtocol | DTLS (surface form: Datagram Transport Layer Security) |
| usesTransportProtocol | UDP |
| wasMotivatedBy | need for encrypted DNS over UDP |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.
# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Input
Subject: DNS over DTLS
Description of subject: DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.
subject surface form:
DNS over QUIC