DNS over DTLS
E208754
DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNS over DTLS canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1808583 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DNS over DTLS Context triple: [DNS over QUIC, improvesOver, DNS over DTLS]
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
-
C.
DTLS
DTLS (Datagram Transport Layer Security) is a protocol that provides TLS-like encryption, integrity, and authentication for datagram-based communications such as UDP.
-
D.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
-
E.
DTLS-SRTP
DTLS-SRTP is a security protocol framework that uses Datagram Transport Layer Security to negotiate keys and provide encryption and authentication for Secure Real-time Transport Protocol media streams, commonly used in VoIP and WebRTC.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DNS over DTLS Target entity description: DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
-
A.
DNS over TLS
DNS over TLS is a security protocol that encrypts traditional DNS queries and responses using Transport Layer Security to protect user privacy and prevent eavesdropping or tampering.
-
B.
DNS over QUIC (DoQ)
DNS over QUIC (DoQ) is a modern DNS transport protocol that uses the QUIC encrypted, multiplexed UDP-based transport to provide faster, more secure, and more reliable DNS queries than traditional methods.
-
C.
DTLS
DTLS (Datagram Transport Layer Security) is a protocol that provides TLS-like encryption, integrity, and authentication for datagram-based communications such as UDP.
-
D.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
-
E.
DTLS-SRTP
DTLS-SRTP is a security protocol framework that uses Datagram Transport Layer Security to negotiate keys and provide encryption and authentication for Secure Real-time Transport Protocol media streams, commonly used in VoIP and WebRTC.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
DNS security mechanism
ⓘ
network security protocol ⓘ |
| aimsTo |
improve privacy of DNS
ⓘ
prevent DNS traffic analysis on content ⓘ |
| belongsTo | DNS privacy technologies ⓘ |
| canBeUsedBy |
recursive resolvers
ⓘ
stub resolvers ⓘ |
| canCoexistWith | DNSSEC ⓘ |
| canSupport | mutual authentication ⓘ |
| canUse |
DTLS
ⓘ
surface form:
DTLS 1.2
DTLS ⓘ
surface form:
DTLS 1.3
|
| doesNotProvide | origin authentication of DNS data like DNSSEC ⓘ |
| encapsulates | DNS messages inside DTLS records ⓘ |
| isAlternativeTo |
DNS over HTTPS
ⓘ
DNS over TLS ⓘ |
| isBasedOn | TLS ⓘ |
| isDefinedIn | IETF draft documents ⓘ |
| isDesignedFor | securing DNS over unreliable transports ⓘ |
| isDesignedTo | minimize connection setup overhead compared to TCP-based solutions ⓘ |
| isLessDeployedThan |
DNS over HTTPS
ⓘ
DNS over TLS ⓘ |
| isMaintainedBy |
IETF community
ⓘ
surface form:
IETF DNS and TLS communities
|
| isSuitableFor | environments where UDP is preferred over TCP ⓘ |
| isVulnerableTo | UDP-based denial-of-service issues ⓘ |
| mayUse | pre-shared keys ⓘ |
| operatesAtLayer | transport layer ⓘ |
| preservesProperty |
connectionless communication
ⓘ
low latency ⓘ |
| protectsAgainst |
on-path tampering with DNS messages
ⓘ
passive eavesdropping on DNS traffic ⓘ |
| providesProperty |
authentication
ⓘ
confidentiality ⓘ integrity ⓘ |
| requires |
DTLS handshake
ⓘ
DTLS version negotiation ⓘ certificate-based server authentication ⓘ |
| secures |
DNS queries
ⓘ
DNS responses ⓘ |
| stillLeaks |
IP header metadata
ⓘ
packet size information ⓘ |
| supports |
client-to-recursive-resolver communication
ⓘ
recursive-resolver-to-authoritative-server communication ⓘ |
| supportsFeature |
retransmission at DTLS layer
ⓘ
session resumption ⓘ |
| usesPortTypically | UDP port 853 ⓘ |
| usesProtocol |
DTLS
ⓘ
surface form:
Datagram Transport Layer Security
|
| usesTransportProtocol | UDP ⓘ |
| wasMotivatedBy | need for encrypted DNS over UDP ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: DNS over DTLS Description of subject: DNS over DTLS is a protocol that secures DNS queries using Datagram Transport Layer Security over UDP, providing encryption and integrity while preserving DNS’s low-latency, connectionless nature.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.