This is really a design question. As far as I am concerned, DNS is and always will be a first-class Internet protocol. It is the foundation for everything else. The syntax etc. can change, but it is a building block other stuff should build on, not something that can leverage other facilities.
So the approach I would take to dealing with legacy infrastructure is a two-pronged approach: 1) a principled approach that does not make allowance for network deployment constraints; 2) one or more mechanisms to ensure service is available in restricted networks. So a browser would need to implement (1) and (2), but an Internet-connected coffee pot might only support (1) plus legacy DNS, because it isn't a device that would require the connectability guarantees that (2) provides.

Having experimented with it, it seems that a UDP service plus a Web Service over HTTP are the best choice. I have tried using DNS as a tunnelling protocol (TXT lookups), but that does not seem to be worth the hassle. DTLS looks like a good idea at first, but it is a bolt-on to TLS, which is already a thick stack. DTLS is really designed to secure protocols that are essentially emulating TCP in UDP.

There are times to stick with the existing standards and times to make a fresh start. I think DNS is a case where a fresh start is appropriate.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop