Experiments on the IETF 99 Network

Experiments on the IETF Network may be requested by any member of the community by contacting the NOC. The NOC will work with the requestors to help define how the experiment might take place, and will forward the request with their recommendation to the IETF Chair. If the Chair approves, the NOC will work with the requestor to help facilitate (but not do) the experiment.

For IETF 99 in Prague, the following experiment has been approved and implemented:


In cooperations with the NOC, Erik Kline and Warren Kumari are running an experimental DNS-over-TLS (DPRIVE) service on the IETF 99 network.

The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE.

This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" DNS servers.

We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves.

If you are interested in using this, you can use the Stubby implementation, a recent Unbound, or a very recent Android Open Source Project build.

An example Stubby config file is here: here and an example Unbound config is: here

If folks want to use DNS-over-TLS outside of IETF, a set of experimental servers to use ‘in the wild’ (sadly mostly in Europe at the moment): ​ and a page monitoring their availability: ​

For troubleshooting, talk to Erik Kline or Warren Kumari, warren @

More discussion on the general topic DNS privacy topic can be found in the DPRIVE WG, and will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon.

As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled.

Additional info

Example configs:

Last modified 6 weeks ago Last modified on 15 Jul 2017, 08:59:21