this, joyfully, is a very good question.
Tom Pusateri wrote:
....
Ok, so as Vladimír said, getting back to DHCP…
1. You obviously don’t need a DoH URI option for DHCP. 2. You’re
comfortable with DNS over UDP/53 as long as DNS Cookies are present
and using the existing DHCP DNS options 3. You seem happy with the
Android approach of just trying DoT with the IP address learned via
standard DHCP DNS options
Why do you care about additional DHCP options?
in my previous explaination as to the security model i follow, i noted
that the network paths to my dhcp server and my rdns servers were
different, and that in the dhcp case i have far more observability and
control than in the rdns case.
it should follow therefore that i do NOT want to use UDP/53 + Cookies
unless there is no alternative. DoT will be preferred. (DTLS or SCTP
would be even better, but i'm only picking from items now-on-menu.)
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
