Moin!
On 24.04.2014, at 15:28, "Tirumaleswar Reddy (tireddy)" <tire...@cisco.com> wrote:

>> -----Original Message-----
>> From: dns-privacy [mailto:dns-privacy-boun...@ietf.org] On Behalf Of Nicholas Weaver
>> Sent: Thursday, April 24, 2014 1:58 AM
>> To: Paul Wouters
>> Cc: dnsop; Nicholas Weaver; dns-priv...@ietf.org
>> Subject: Re: [dns-privacy] [DNSOP] DNS over DTLS (DNSoD)
>>
>>
>>> On Apr 23, 2014, at 1:00 PM, Paul Wouters <p...@nohats.ca> wrote:
>>> No, I fully disagree with this. Port 53 TCP has a much better chance
>>> at working these days than a random other newly assigned port.
>
> On the contrary, firewalls are configured today to permit UDP port 53 and
> block TCP port 53. Why should firewalls change their configuration?

I know lots of firewalls that also allow TCP/53, but the real problem with all these middleboxes that make changing DNS hard is that they believe they understand the full protocol and only pass what they think is right. So everything new we come up with will be dropped (been there, done that). We have to be very careful with changes to the DNS protocol if we want them to be deployed.

So long
Ralf

Sent from my iPhone

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
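A way to check the competing claims in this exchange from a given network, as an added example that is not part of the thread: it sends the same DNS query over UDP/53 and over TCP/53 (with the 2-byte length prefix DNS over TCP requires) and reports which transport returns a genuine reply. The resolver address and query name are the caller's choice; `probe("192.0.2.53")` would use a placeholder address from the RFC 5737 documentation range.

```python
import socket
import struct

QUERY_ID = 0x1234  # fixed transaction id so a reply can be matched to our query

def build_query(name, qtype=1):
    """Minimal DNS query: RD=1, one question of the given type, class IN."""
    header = struct.pack("!HHHHHH", QUERY_ID, 0x0100, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def is_reply_to_us(msg):
    """Response bit set and our transaction id; any rcode proves the transport."""
    txid, flags = struct.unpack("!HH", msg[:4])
    return bool(flags & 0x8000) and txid == QUERY_ID

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before the full DNS message arrived")
        buf += chunk
    return buf

def udp_query(server, msg, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recvfrom(4096)[0]

def tcp_query(server, msg, timeout=3.0):
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(msg))
        return recv_exact(s, struct.unpack("!H", recv_exact(s, 2))[0])

def probe(server, name="example.com"):
    """Same query over UDP/53 and TCP/53; False = no genuine reply on that transport."""
    msg, results = build_query(name), {}
    for transport, fn in (("udp/53", udp_query), ("tcp/53", tcp_query)):
        try:
            results[transport] = is_reply_to_us(fn(server, msg))
        except (OSError, struct.error):  # timeout, refused, reset, truncated reply
            results[transport] = False
    return results
```

A resolver that answers on one transport but not the other from a given vantage point is the middlebox behaviour the thread is arguing about; run it from inside and outside the filtered network to compare.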