Tom Pusateri wrote: ....
One more point (from the Android crowd) was that they are going to try to connect to the DNS server’s IP address using port 853 using DoT at the same time they are trying to resolve names over port 53 with UDP. If they’re able to make a DoT connection, they’ll use it. This doesn’t provide for a way to have an ADN to verify the certificate but a PTR query can give you a name to do certificate validation and/or DANE validation. So they seemed to be making the point that no DHCP extensions were necessary.
that's a cool hack, showing once again DoT's superiority over DoH.

-- P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
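A sketch of the probe described in the thread, added here as an illustration and not taken from either message or from Android's code: it tries TLS on port 853 of the configured resolver and, when a PTR name is available, validates the certificate against it. The function names, the result strings, the use of the system resolver for the PTR lookup and the fallback to port 53 on certificate failure are assumptions of this example; DANE validation is not shown.

```python
import ipaddress
import socket
import ssl

def ptr_qname(resolver_ip):
    """Owner name of the PTR record that names the resolver."""
    return ipaddress.ip_address(resolver_ip).reverse_pointer + "."

def ptr_name(resolver_ip):
    """PTR lookup via the system resolver (assumption); None if no record."""
    try:
        return socket.gethostbyaddr(resolver_ip)[0]
    except OSError:  # herror and gaierror are OSError subclasses
        return None

def probe_dot(resolver_ip, auth_name=None, port=853, timeout=2.0):
    """Try DoT on the resolver's own address.

    Returns "authenticated" (certificate matched auth_name),
    "opportunistic" (TLS up, no name to check), "cert-failed",
    or "unavailable" (no TLS listener reachable).
    """
    ctx = ssl.create_default_context()
    if auth_name is None:
        # No name from PTR: encrypt without authenticating the server.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((resolver_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=auth_name):
                return "authenticated" if auth_name else "opportunistic"
    except ssl.SSLCertVerificationError:
        return "cert-failed"
    except OSError:  # refused, timed out, or TLS handshake error
        return "unavailable"

def choose_transport(probe_result):
    """Use DoT when the probe succeeded, otherwise stay on UDP port 53."""
    if probe_result in ("authenticated", "opportunistic"):
        return ("dot", 853)
    return ("udp", 53)

if __name__ == "__main__":
    ip = "192.0.2.53"  # constructed address from the documentation range
    result = probe_dot(ip, ptr_name(ip))
    print(ptr_qname(ip), result, choose_transport(result))
```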