Reusing 853 sounds like the simplest solution here. QUICv1 can coexist with DTLS, and there is no reason to believe that future IETF versions of QUIC will not have the same feature. If someone decides to run their custom version of QUIC on the same port as DTLS, they'll also make sure to have their version of QUIC coexist with DTLS.
The QUICv1 "grease the QUIC bit" extension is not relevant to this discussion, because no one who cares about coexisting with DTLS will deploy this extension.

David

On Wed, Nov 24, 2021 at 12:03 PM Christian Huitema <[email protected]> wrote:
>
> On 11/24/2021 10:58 AM, Benjamin Kaduk wrote:
> > On Wed, Nov 24, 2021 at 10:45:43AM -0800, Martin Duke wrote:
> >> Hello QUIC,
> >>
> >> DNS-over-QUIC just requested UDP Port 843, where it would coexist with
> > I assume you mean 853, though that does not affect the rest of your note
> > at all.
>
> Note that port 853 is a bit of a special case. TCP port 853 was first
> reserved for DNS over TLS. UDP port 853 was then reserved for DNS over
> DTLS, which was defined in an experimental RFC. Turns out that several
> years later we are not aware of any deployment of DNS over DTLS. So we
> believe that having UDP port 853 for DNS over QUIC and TCP port 853 for
> DNS over TLS would keep the nice symmetry that was originally intended.
> It would for example make management of firewalls easier, "port 853 is
> encrypted DNS for both UDP and TCP". The downside would be the case of
> servers trying to run both DNS over QUIC and DNS over DTLS. We don't
> know any such server, but it is nice to have a fallback mechanism in the
> unforeseen case of some server somewhere trying to do that. The ability
> of multiplexing QUIC and DTLS on the same port gives us that.
>
> -- Christian Huitema
>
>
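The coexistence the thread relies on comes down to the first byte of each UDP datagram: a QUIC v1 packet always has the header-form bit (0x80) or the fixed bit (0x40) set, while DTLS record headers start with a content type in the range 20..63. The following example, written for this page and not taken from any of the posters or from an IETF document, demultiplexes constructed sample datagrams on that basis and also shows why David's point about the grease-QUIC-bit extension holds: a short-header packet with the fixed bit cleared lands in the DTLS range and can no longer be told apart. The datagrams are constructed header bytes, not captured traffic; the byte-range rules are those of RFC 9000, RFC 6347/RFC 9147 and the RFC 7983/RFC 9443 demultiplexing scheme.

```python
import struct

# Added example: demultiplex DTLS and QUIC v1 sharing one UDP port by inspecting
# the first byte of each datagram. Rules: RFC 9000 (header form bit and fixed
# bit), RFC 6347 / RFC 9147 (DTLS record content types and the DTLS 1.3 unified
# header), RFC 7983 / RFC 9443 (first-byte demultiplexing ranges).

DTLS12_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
    24: "heartbeat",
}


def classify_datagram(payload: bytes) -> str:
    """Return which protocol a datagram belongs to, judged by its first byte."""
    if not payload:
        return "empty"
    first = payload[0]
    if first & 0x80:
        # Header form bit set: QUIC long header (Initial, 0-RTT, Handshake,
        # Retry or Version Negotiation). QUIC v1 also sets the fixed bit here.
        return "quic-long-header"
    if first & 0x40:
        # Header form clear, fixed bit set: QUIC short (1-RTT) header.
        return "quic-short-header"
    if 20 <= first <= 63:
        # DTLS 1.2 content types 20..24 and DTLS 1.3 unified header (0x20..0x3F).
        return "dtls"
    return "unknown"


def fixed_bit_present(payload: bytes) -> bool:
    """True if the QUIC fixed bit (0x40) is set. A peer negotiating the
    grease-QUIC-bit extension (RFC 9287) may clear it after the handshake,
    which is why that extension cannot be used on a port shared with DTLS."""
    return bool(payload) and bool(payload[0] & 0x40)


def quic_long_header_version(payload: bytes) -> int:
    """Extract the 32-bit version field that follows the first byte of a long header."""
    if classify_datagram(payload) != "quic-long-header" or len(payload) < 5:
        raise ValueError("not a QUIC long header packet")
    return struct.unpack("!I", payload[1:5])[0]


def dtls12_record_header(payload: bytes) -> dict:
    """Parse the 13-byte DTLS 1.2 record header (RFC 6347 section 4.1)."""
    if len(payload) < 13:
        raise ValueError("datagram shorter than a DTLS 1.2 record header")
    content_type, version, epoch = struct.unpack("!BHH", payload[:5])
    sequence = int.from_bytes(payload[5:11], "big")   # 48-bit sequence number
    length = struct.unpack("!H", payload[11:13])[0]
    return {
        "content_type": DTLS12_CONTENT_TYPES.get(content_type, content_type),
        "version": version,        # 0xFEFD is DTLS 1.2
        "epoch": epoch,
        "sequence": sequence,
        "length": length,
    }


# Constructed sample datagrams (header bytes only, not captured traffic).
QUIC_INITIAL = bytes([0xC0]) + struct.pack("!I", 1) + bytes(16)  # long header, fixed bit, version 1
QUIC_SHORT = bytes([0x43]) + bytes(8)                              # short header, fixed bit set
QUIC_SHORT_GREASED = bytes([0x23]) + bytes(8)                      # short header, fixed bit cleared
DTLS12_HANDSHAKE = bytes([0x16, 0xFE, 0xFD, 0x00, 0x00]) + bytes(6) + struct.pack("!H", 0)
DTLS13_UNIFIED = bytes([0x2C]) + bytes(4)                          # 001CSLEE unified header

if __name__ == "__main__":
    samples = [
        ("QUIC Initial", QUIC_INITIAL),
        ("QUIC 1-RTT", QUIC_SHORT),
        ("QUIC 1-RTT, fixed bit greased", QUIC_SHORT_GREASED),
        ("DTLS 1.2 handshake record", DTLS12_HANDSHAKE),
        ("DTLS 1.3 unified header", DTLS13_UNIFIED),
    ]
    for name, dgram in samples:
        print(f"{name:32s} -> {classify_datagram(dgram)}")
```

Run as a script, the greased 1-RTT packet is reported as "dtls": with the fixed bit cleared, 0x23 is indistinguishable from a DTLS 1.3 unified header, so a server that must share port 853 with DTLS has to leave the fixed bit alone, exactly as David says.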
