On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've not read, sorry;-) has anything to say about ADoT?
>
> Ta,
> S.
>
Hello!

I've read some members in this thread mention it, got me thinking for a bit
about the handful of domains I do authoritative service for. Now I've also
come across this draft from the IETF's Network WG, might be relevant? But it
seems like it's been published in 2021 and is still a draft. Not sure how
"standard" that is in IETF lingo, but it does seem interesting.

https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html [1]

Granted, for my own domains, doing zone transfers in plain TLS over a VPN
connection like WireGuard has never failed me either. And if only WireGuard
has to be security-audited, perhaps one could argue that to reduce the amount
of work needed. For applications I'd imagine it to be necessary for each one
individually. But if it streamlines things for the US government and that's
how they announce it to the world.. oh well, just not a policy I want to be
burdened with as an individual operator. I like being able to even do it over
a set of mystery pixie dust virtual interfaces from my hosting provider, but
that would be something that a government would have good reason to distrust.

--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--------
[1] https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html#name-dns-records-to-publish-for-