On Sat, Aug 18, 2018 at 5:33 PM, Paul Vixie <p...@redbarn.org> wrote:
>
>
> Marek Vavruša wrote:
>>
>> Hi,
>>
>> thanks for comments. This draft has little to do with DoH (the primary
>> focus is DoT), and its comparison to other technologies. It's about
>> network operator being able to advertise that its recursive server
>> supports DNS on more than just port 53. Please let's stay at least a
>> bit on topic.
>>
>> Marek
>
>
> i think stubs should try to negotiate persistent tcp/853 for every address
> they receive from dhcp, and if they can't, they should fall back to doing
> whatever they did before, like try udp/53, and so on.
>
> --
> P Vixie

I agree, this works in the opportunistic profile or with an IP
certificate and trust in CA model. The pros and cons of this are
described in https://tools.ietf.org/html/rfc8310#section-7.2
It doesn't work for dynamic configuration of ADN or SPKI pins.

Marek

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop