HTTP/2 200 date: Mon, 14 Jul 2025 14:01:30 GMT content-type: application/xml cache-control: public, max-age=3600 cross-origin-opener-policy: same-origin expires: Mon, 14 Jul 2025 15:01:30 GMT referrer-policy: same-origin vary: Cookie, origin, Accept-Encoding x-content-type-options: nosniff x-frame-options: DENY x-resolution-methods: manual;auto;fallback x-resolution-outcomes: ;RfcAdapter: using docid IETF RFC 9462 -> using query @.type == "IETF" && @.primary == true && @.id == "RFC 9462" -> 1 found,; last-modified: Mon, 14 Jul 2025 14:01:30 GMT cf-cache-status: MISS server: cloudflare cf-ray: 95f18d6eabb98839-BLR content-encoding: gzip alt-svc: h3=":443"; ma=86400 This document defines Discovery of Designated Resolvers (DDR), a set of mechanisms for DNS clients to use DNS records to discover a resolver's encrypted DNS configuration. An Encrypted DNS Resolver discovered in this manner is referred to as a "Designated Resolver". These mechanisms can be used to move from unencrypted DNS to encrypted DNS when only the IP address of a resolver is known. These mechanisms are designed to be limited to cases where Unencrypted DNS Resolvers and their Designated Resolvers are operated by the same entity or cooperating entities. It can also be used to discover support for encrypted DNS protocols when the name of an Encrypted DNS Resolver is known.