On Sat, Aug 18, 2018 at 5:33 PM, Paul Vixie <p...@redbarn.org> wrote:
>
>
> Marek Vavruša wrote:
>>
>> Hi,
>>
>> thanks for comments. This draft has little to do with DoH (the primary
>> focus is DoT), and its comparison to other technologies. It's about
>> network operator being able to advertise that its recursive server
>> supports DNS on more than just port 53. Please let's stay at least a
>> bit on topic.
>>
>> Marek
>
>
> i think stubs should try to negotiate persistent tcp/853 for every address
> they receive from dhcp, and if they can't, they should fall back to doing
> whatever they did before, like try udp/53, and so on.
>
> --
> P Vixie

I agree, this works in the opportunistic profile or with an IP
certificate and trust in CA model.
The pros and cons of this are described in
https://tools.ietf.org/html/rfc8310#section-7.2

It doesn't work for dynamic configuration of ADN or SPKI pins.

Marek

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to