On Jun 7, 2023, at 11:42 PM, Florian Obser <florian+i...@narrans.de> wrote:
> Up-thread Stéphane reported ns1.eu.org as an example. Open resolver on
> 853 and authority for eu.org on 53:
> 
> | Also, currently, regarding the possible warning to system
> | administrators about the need for 53 and 853 to be in sync, we
> | currently find in the wild servers that implement different services on
> | the two ports. See for instance ns1.eu.org (authoritative for eu.org)
> | or ns1-dyn.bortzmeyer.fr (authoritative for dyn.bortzmeyer.fr). Both
> | have authoritative on 53 and an open resolver on 853. Should we
> | explicitly ban this practice?

Thanks for the specifics! We do explicitly ban this practice, but it is 
definitely also worth noting in the document that this could happen. It is 
definitely one of the operational considerations. I'll add this.

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
