EDDI Home

Encrypted DNS Deployment Initiative

aka EDDI (pronounced ED-EE)

The Domain Name System (DNS) is the Internet’s naming protocol, translating names like example.com into the IP addresses of destination servers. Users rely on the DNS for all they do - from using the web to mobile apps, streaming video, email, and more. Our goal is to work together to adopt new encrypted DNS standards on a global basis to improve user privacy & security, while also preserving the distributed architecture of DNS operations & administration, maintaining global DNS security and stability, and supporting existing DNS-based technical functions.

The goal of the Encrypted DNS Deployment Initiative is to ensure the smooth global adoption and reliable operation at scale of DNS encryption technology. This effort involves global coordination across a wide range of technical professionals, from protocol designers to software developers, network operators of all types, DNS operators, content delivery networks, cloud providers, application providers, and many others.

This effort will:

Strive to define and adopt DNS encryption technologies in a manner that ensures the continued high performance, resiliency, stability and security of the Internet’s critical namespace and name resolution services, as well as ensuring the continued unimpaired functionality of security protections, parental controls, and other services that depend upon the DNS. Seek to enhance the privacy and security of users, devices and services through the encryption of DNS query and response traffic and other techniques for reducing the disclosure of potentially sensitive information in DNS traffic. Develop best practices, such as in areas that may explore the collection and use of data contained in DNS queries, resolver discovery and selection, and how end user configuration options may be presented.

Approach

Bring together key players in the implementation ecosystem Provide a forum for discussing, sharing, and developing as necessary: Measurement data Design, deployment, and operations experience (e.g. lessons learned) Technical methods to address the needs of specific types of networks and service dependencies, including enterprise, government, and school networks, as well as ISP networks. Cyber-security and malware protections Parental content controls

Output and Concensus

All output, recommendations or best practices are non-binding on participants. We work by IETF-style rough consensus. One of our first tasks will be to work on a charter and technical scope for the group.