> On 12 Jan 2023, at 00:26, Philip Homburg <pch-dnso...@u-1.phicoh.com> wrote:
>
> In your letter dated Tue, 10 Jan 2023 11:33:57 -0500 (EST) you wrote:
>>> However, such a setup leaves the application with no control over
>>> which transport the proxy uses.
>>
>> Why should the application have control over this?
>
> The following is just a thought, I didn't implement it.
>
> With local DNS proxies that use encrypted transports there can be a bit of
> a bootstrap problem if a system boots without any sense of the current time.

Or DNSSEC is in use.

> What might happen is that an NTP client tries to look up pool.ntp.org. If
> DNS resolution goes through a proxy that tries to use an encrypted transport,
> then the proxy may fail because the time is wrong. The NTP client doesn't
> get any answers so it can't set the clock and the system doesn't boot.
>
> In that case, if the NTP client would request DNS resolution over Do53 for
> its initial lookup of pool.ntp.org, then the proxy can return a DNS reply
> and the system can boot normally.
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
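
An added example, not part of either message and not code from any resolver or proxy: a small Python model of the time dependency discussed in this thread, covering both the encrypted-transport case and the DNSSEC case. The `proxy_lookup` function, the transport names and the sample validity periods are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

def ts(y, m, d):
    """UTC midnight as a Unix timestamp."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

# Constructed sample values, not taken from any real certificate or zone.
CERT = {"not_before": ts(2022, 12, 1), "not_after": ts(2023, 3, 1)}
RRSIG = {"inception": ts(2023, 1, 1), "expiration": ts(2023, 1, 31)}

def serial_lte(a, b):
    """a <= b in RFC 1982 serial arithmetic on 32-bit values."""
    return ((b - a) & 0xFFFFFFFF) < 0x80000000

def rrsig_time_ok(now, sig):
    # RFC 4034 section 3.1.5: inception and expiration are 32-bit serials.
    now &= 0xFFFFFFFF
    return serial_lte(sig["inception"], now) and serial_lte(now, sig["expiration"])

def cert_time_ok(now, cert):
    # X.509 validity period check against the local clock.
    return cert["not_before"] <= now <= cert["not_after"]

def proxy_lookup(now, transport, validate):
    """Hypothetical proxy model: 'answer', or the reason the lookup fails."""
    if transport == "dot" and not cert_time_ok(now, CERT):
        return "fail: upstream certificate outside validity period"
    if validate and not rrsig_time_ok(now, RRSIG):
        return "fail: RRSIG outside validity period"
    return "answer"

if __name__ == "__main__":
    unset_clock = 0                 # system booted with no sense of the time
    real_clock = ts(2023, 1, 12)
    cases = (("dot", False), ("do53", True), ("do53", False))
    for now in (unset_clock, real_clock):
        for transport, validate in cases:
            print(now, transport, validate, proxy_lookup(now, transport, validate))
```

With the clock unset, only the unvalidated Do53 lookup returns an answer; once the clock is correct, all three succeed.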