> On Aug 21, 2018, at 3:30 PM, Paul Vixie <p...@redbarn.org> wrote:
> 
> this, joyfully, is a very good question.
> 
> Tom Pusateri wrote:
> ....
>> Ok, so as Vladimír said, getting back to DHCP…
>> 
>> 1. You obviously don’t need a DoH URI option for DHCP.
>> 2. You’re comfortable with DNS over UDP/53 as long as DNS Cookies are
>>    present and using the existing DHCP DNS options
>> 3. You seem happy with the Android approach of just trying DoT with
>>    the IP address learned via standard DHCP DNS options
>> 
>> Why do you care about additional DHCP options?
> 
> in my previous explanation as to the security model i follow, i noted that 
> the network paths to my dhcp server and my rdns servers were different, and 
> that in the dhcp case i have far more observability and control than in the 
> rdns case.
> 
> it should follow therefore that i do NOT want to use UDP/53 + Cookies unless 
> there is no alternative. DoT will be preferred. (DTLS or SCTP would be even 
> better, but i'm only picking from items now-on-menu.)

Since you can already do DoT today without an additional DHCP DNS option and 
adding that option will indisputably also come with a DoH URI option too, I 
would think you would be arguing against any new DHCP options for consistency.

Tom

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
