On 08/19/2018 04:57 PM, manu tman wrote:
> On Sun, Aug 19, 2018 at 4:46 PM Ted Lemon <mel...@fugue.com> wrote:
>> A user who relies on the dhcp server for dns server info is no worse
>> off. The problem is that if your host lets the dhcp server override
>> the DoT or DoH configuration you entered manually, you are a lot
>> worse off.
>
> This seems to be a static vs dynamic setup. Either you use dynamic and
> you will happily accept what you get from DHCP and possibly upgrade to
> (HTTP|TL)S or you have set your resolvers statically and you are already
> ignoring the nameservers provided by the DHCP server.
> If you do not accept the servers provided by DHCP, there is no reason
> you would accept extra attributes for those same nameservers.
>
> Manu

Yes, those are my thoughts precisely.
I don't see a risk model where a user configures DOH or DOT servers
explicitly, but does not disable DHCP configuration for DNS. Am I
missing something?
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop