On Wed, 23 Apr 2014, Nicholas Weaver wrote:

> On Apr 23, 2014, at 1:00 PM, Paul Wouters <p...@nohats.ca> wrote:
>
>> No, I fully disagree with this. Port 53 TCP has a much better chance at
>> working these days than a random other newly assigned port.
>
> Not true. Port 53 is far more molested than "random": INBOUND firewall rules
> prevent you from running new services without firewall rule modifications, but outbound
> blocking is far less common. (Our test port for this is TCP 1947 with Netalyzr).

Provided you use "traditional DNS" perhaps? Once you account for roaming
around different networks, I think you will see port 53 is regularly
transparently proxied to a local DNS server. When those see something
they don't understand because it's not "traditional DNS", you'll lose.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop