On Tue, 2 Oct 2012, Paul Vixie wrote:
> if ietf hadn't declared the dns protocol finished, and were not even now working to close up the dnsext working group, i'd propose that we develop a standard for carrying edns over tcp/80 and/or tcp/443, which is for most mobile users what "the internet" consists of.
unbound via dnssec-trigger does this. The problem here is that it still does 1 query/answer per TCP connection. That has to be fixed, and we should use a dnssec chains format for it. Ideally, I'd like to say something like "give me the proof from .ca to IN A www.nohats.ca", and receive one blob back. I haven't encountered a hotspot that, after authentication, breaks port 80. This setup will work tremendously well. But currently, using port just causes timeouts.
> i'm not sure how we expect DANE to make any difference when we don't have working last mile DNSSEC.
+1

Paul
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
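The reply above objects to one query/answer per TCP connection. As an added example (not code from this thread, unbound or dnssec-trigger), the sketch below shows how standard DNS-over-TCP length framing lets the DS/DNSKEY/A lookups for www.nohats.ca share one stream; it does not implement any chain format, and all function names and the sample query list are constructed for illustration.

```python
import struct

def build_query(qid, name, qtype, do_bit=True):
    """Build a DNS query carrying an EDNS0 OPT record (DO bit asks for DNSSEC data)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-RR: root name, type 41, class = UDP payload size, TTL field holds the flags
    ttl = 0x8000 if do_bit else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, ttl, 0)
    return header + question + opt

def frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035, 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

class StreamReader:
    """Reassembles framed DNS messages from arbitrary TCP read chunks."""
    def __init__(self):
        self.buf = b""

    def feed(self, data):
        self.buf += data
        out = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + n:
                break  # partial message: wait for more bytes
            out.append(self.buf[2:2 + n])
            self.buf = self.buf[2 + n:]
        return out

def demo():
    # Constructed sample: lookups a validator needs (48=DNSKEY, 43=DS, 1=A)
    wanted = [(1, "ca", 48), (2, "nohats.ca", 43), (3, "nohats.ca", 48), (4, "www.nohats.ca", 1)]
    stream = b"".join(frame(build_query(i, n, t)) for i, n, t in wanted)
    reader, ids = StreamReader(), []
    for i in range(0, len(stream), 7):  # simulate TCP delivering 7-byte chunks
        for msg in reader.feed(stream[i:i + 7]):
            ids.append(struct.unpack("!H", msg[:2])[0])
    return ids, len(stream)
```

The query ID is what lets a client match answers to questions when several are in flight on the same connection.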
