On 11/24/2021 10:58 AM, Benjamin Kaduk wrote:
> On Wed, Nov 24, 2021 at 10:45:43AM -0800, Martin Duke wrote:
>> Hello QUIC,
>> DNS-over-QUIC just requested UDP Port 843, where it would coexist with
> I assume you mean 853, though that does not affect the rest of your note at all.
Note that port 853 is a bit of a special case. TCP port 853 was first
reserved for DNS over TLS. UDP port 853 was then reserved for DNS over
DTLS, which was defined in an experimental RFC. Turns out that several
years later we are not aware of any deployment of DNS over DTLS. So we
believe that having UDP port 853 for DNS over QUIC and TCP port 853 for
DNS over TLS would keep the nice symmetry that was originally intended.
It would for example make management of firewalls easier, "port 853 is
encrypted DNS for both UDP and TCP". The downside would be the case of
servers trying to run both DNS over QUIC and DNS over DTLS. We don't
know any such server, but it is nice to have a fallback mechanism in the
unforeseen case of some server somewhere trying to do that. The ability
of multiplexing QUIC and DTLS on the same port gives us that.
-- Christian Huitema
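The fallback Christian describes, letting one UDP port carry both QUIC and DTLS, depends on a receiver being able to tell the two apart from the first byte of each datagram. The following is an added example, not code from the thread or from any DNS-over-QUIC implementation: it applies the first-byte rule from RFC 7983 (first byte 20..63 is DTLS) and RFC 9000 (every QUIC v1 packet sets the fixed bit 0x40, and long headers also set 0x80), then parses just enough of the DTLS record header or QUIC long header to report what was received. The function names and the sample datagrams are constructed for this illustration.

```python
"""Demultiplex QUIC and DTLS datagrams arriving on the same UDP port.

Added example (not from the thread): the first-byte rule follows RFC 7983
(first byte 20..63 is DTLS) and RFC 9000 (every QUIC v1 packet sets the
fixed bit 0x40, long headers also set 0x80). Function names and the sample
datagrams below are constructed for this illustration.
"""
from collections import Counter
from dataclasses import dataclass
from enum import Enum
import struct


class Proto(Enum):
    QUIC_LONG = "quic-long-header"
    QUIC_SHORT = "quic-short-header"
    DTLS = "dtls"
    UNKNOWN = "unknown"


@dataclass
class Classification:
    proto: Proto
    detail: str


DTLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                      22: "handshake", 23: "application_data"}
DTLS_MINOR_VERSIONS = {0xFF: "1.0", 0xFD: "1.2"}  # major version byte is always 0xFE
QUIC_V1_LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def _classify_dtls(d: bytes) -> Classification:
    b0 = d[0]
    if 32 <= b0 <= 63:
        # DTLS 1.3 unified header: first byte is 0b001CSLEE (RFC 9147)
        return Classification(Proto.DTLS, "DTLS 1.3 unified header record")
    if len(d) < 13:
        return Classification(Proto.UNKNOWN, "truncated DTLS record header")
    # DTLS 1.2 record header: type(1) version(2) epoch(2) sequence(6) length(2)
    ctype, major, minor, epoch, length = struct.unpack("!BBBH6xH", d[:13])
    if major != 0xFE or minor not in DTLS_MINOR_VERSIONS:
        return Classification(Proto.UNKNOWN,
                              f"DTLS-like type {ctype} with unrecognized version {major:02x}{minor:02x}")
    if len(d) < 13 + length:
        return Classification(Proto.UNKNOWN, "DTLS record length exceeds datagram")
    name = DTLS_CONTENT_TYPES.get(ctype, f"type {ctype}")
    return Classification(Proto.DTLS,
                          f"DTLS {DTLS_MINOR_VERSIONS[minor]} {name} record, epoch {epoch}, length {length}")


def _classify_quic_long(d: bytes) -> Classification:
    if len(d) < 7:
        return Classification(Proto.UNKNOWN, "truncated QUIC long header")
    version = struct.unpack("!I", d[1:5])[0]
    dcid_len = d[5]
    if len(d) < 6 + dcid_len + 1:
        return Classification(Proto.UNKNOWN, "QUIC long header truncated inside DCID")
    dcid = d[6:6 + dcid_len].hex()
    if version == 0:
        return Classification(Proto.QUIC_LONG, f"version negotiation, dcid={dcid}")
    if version == 1:
        ptype = QUIC_V1_LONG_TYPES[(d[0] & 0x30) >> 4]  # long packet type bits (RFC 9000)
        return Classification(Proto.QUIC_LONG, f"v1 {ptype} packet, dcid={dcid}")
    return Classification(Proto.QUIC_LONG, f"unknown version 0x{version:08x}, dcid={dcid}")


def classify(datagram: bytes) -> Classification:
    """Decide which stack an incoming UDP datagram should be handed to."""
    if not datagram:
        return Classification(Proto.UNKNOWN, "empty datagram")
    b0 = datagram[0]
    if 20 <= b0 <= 63:                # RFC 7983 DTLS range
        return _classify_dtls(datagram)
    if b0 & 0x40:                     # QUIC fixed bit (RFC 9000)
        if b0 & 0x80:
            return _classify_quic_long(datagram)
        return Classification(Proto.QUIC_SHORT, "short header (fixed bit set, header form 0)")
    return Classification(Proto.UNKNOWN, f"first byte 0x{b0:02x} is neither DTLS nor QUIC")


# Constructed sample datagrams (headers only; trailing zero bytes are filler).
SAMPLES = {
    "dtls12_client_hello": bytes([0x16, 0xFE, 0xFD, 0, 0]) + bytes(6) + bytes([0, 3]) + b"\x01\x00\x00",
    "dtls13_unified": bytes([0x2F, 0x00, 0x01]) + bytes(16),
    "quic_initial": bytes([0xC0, 0, 0, 0, 1, 8]) + bytes(range(1, 9)) + b"\x00" + bytes(16),
    "quic_short": bytes([0x41]) + bytes(8) + bytes(16),
    "stun_binding": bytes([0x00, 0x01, 0x00, 0x00]) + bytes(16),
}


def demux_counts(datagrams) -> Counter:
    """Tally how many datagrams would be handed to each stack."""
    return Counter(classify(d).proto.value for d in datagrams)


if __name__ == "__main__":
    for name, d in SAMPLES.items():
        c = classify(d)
        print(f"{name:22s} -> {c.proto.value:18s} {c.detail}")
    print(demux_counts(SAMPLES.values()))
```

One caveat for anyone relying on this fallback: the split depends on the QUIC fixed bit, and an endpoint that negotiates the grease_quic_bit extension (RFC 9287) may clear it. A server sharing a port between QUIC and DTLS should therefore not offer that extension, and should treat datagrams that fall outside both ranges (like the STUN sample above) as drops rather than guessing.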