Here is my first cut of wording for a new operational considerations section to deal with systems that are both recursive and authoritative on port 853. Comments are welcome.
As recursive resolvers implement this protocol, authoritative servers will see more probing on port 853 of IP addresses that are associated with NS records. Such probing of an authoritative server should generally not cause any significant problems: if the authoritative server is not supporting this protocol, it will not respond on port 853, and if it is supporting this protocol, it will act accordingly. However, a system that is a public resolver that supports DoT and/or DoQ may also have an IP address that is associated with NS records. This could be accidental (such as a glue record with the wrong target address) or intentional. In such a case, resolvers following this protocol will look for authoritative answers to ports 53 and 853 on that system, and the system would need to be able to differentiate queries for recursive answers from queries for authoritative answers.
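An added example, not part of the original message or the draft: one way a combined server could make the distinction the proposed text describes. It assumes (the message does not specify a method) that the RD header bit and a match against locally served zones are the signal; the zone name, the sample queries and the `classify` policy are hypothetical.

```python
import struct

# Zones this host serves authoritatively (constructed sample value).
AUTH_ZONES = {"example.net."}

def build_query(qname, rd, qtype=1, qid=0x1234):
    """Build a minimal wire-format DNS query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    parts = [p for p in qname.rstrip(".").split(".") if p]
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (rd, qname) for a DNS query with any DoT length prefix already removed."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        # n > 63 also rejects compression pointers, which a QNAME does not need.
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return bool(flags & 0x0100), ".".join(labels) + "."

def classify(msg, zones=AUTH_ZONES):
    """Assumed policy: pick the role that should answer a query on port 53 or 853."""
    rd, qname = parse_question(msg)
    if any(qname == z or qname.endswith("." + z) for z in zones):
        return "authoritative"  # local zone data answers, whatever RD says
    if rd:
        return "recursive"      # stub-style query for a name outside local zones
    return "refuse"             # RD=0 and not a local zone: nothing to answer from
```

A real deployment would still apply its recursion access controls before serving the `recursive` case.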