[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-12 Thread tirumal reddy
On Fri, 9 May 2025 at 06:19, David Adrian wrote: > Hi all, > > > More generally, I think we should hear from some client vendors > (browsers or otherwise > about what they want here, prior to standardizing anything in this space. > > Apologies for the delay in responding from the perspective of a

[DNSOP] Re: [Last-Call] Re: Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-12 Thread tirumal reddy
On Wed, 7 May 2025 at 23:02, Eric Rescorla wrote: > > > On Wed, May 7, 2025 at 7:04 AM Paul Wouters wrote: > >> >> I would really like to hear from the browser vendors on whether they >> would support displaying custom error strings in DNS replies to their >> endusers, and how they would handle

[DNSOP] Re: [Last-Call] Re: Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-12 Thread tirumal reddy
Hi Paul, Please see inline On Wed, 7 May 2025 at 19:34, Paul Wouters wrote: > On Wed, 7 May 2025, tirumal reddy wrote: > > > I disagree. An ENUM can be handled by browsers to display text in > the > > locality of the user. This can just fling u

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-07 Thread tirumal reddy
Hi Paul, Please see inline On Tue, 6 May 2025 at 19:23, Paul Wouters wrote: > On Tue, 6 May 2025, tirumal reddy wrote: > > > I am not sure why a JSON object for a browser would produce a more > > "meaingful error message" than one that is possible w

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-06 Thread tirumal reddy
On Tue, 6 May 2025 at 16:39, Peter Thomassen wrote: > > > On 5/6/25 12:48, tirumal reddy wrote: > > On Mon, 5 May 2025 at 21:56, Paul Wouters p...@nohats.ca>> wrote: > > First of all, the contact details are completely untrusted (eg when > > obtaining a

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-06 Thread tirumal reddy
On Tue, 6 May 2025 at 14:20, Petr Špaček wrote: > On 5/6/25 10:28, tirumal reddy wrote: > > On Mon, 5 May 2025 at 21:23, Petr Špaček > <mailto:pspa...@isc.org>> wrote: > > > > On 5/5/25 17:27, tirumal reddy wrote: > > > On Mon, 5 May 2025

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-06 Thread tirumal reddy
Hi Paul, Please see inline On Mon, 5 May 2025 at 21:56, Paul Wouters wrote: > On Mon, 5 May 2025, Stephane Bortzmeyer wrote: > > > On Mon, May 05, 2025 at 12:49:28PM +, > > Eric Vyncke (evyncke) wrote > > a message of 200 lines which said: > > > >> * Are full-text explanations better o

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-06 Thread tirumal reddy
On Mon, 5 May 2025 at 21:23, Petr Špaček wrote: > On 5/5/25 17:27, tirumal reddy wrote: > > On Mon, 5 May 2025 at 20:32, Petr Špaček > <mailto:pspa...@isc.org>> wrote: > > > > On 5/5/25 14:49, Eric Vyncke (evyncke) wrote: > > > Dear authors and

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-06 Thread tirumal reddy
The dnsop-structured-dns-error draft includes mechanisms for providing structured error information that can be used by clients to display user-friendly messages. It deliberately avoids allowing any free-form or arbitrary full-text fields to be shown directly to end users, precisely to mitigate sec

[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error

2025-05-05 Thread tirumal reddy
On Mon, 5 May 2025 at 20:32, Petr Špaček wrote: > On 5/5/25 14:49, Eric Vyncke (evyncke) wrote: > > Dear authors and WG, > > > > There have been substantive IETF Last Call comments once extending the > > review outside of DNSOP. On my own read of the comments, there are two > > critical ones: > >

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-05-05 Thread tirumal reddy
On Sat, 3 May 2025 at 04:04, Stephen Farrell wrote: > > Hiya, > > On 14/04/2025 16:18, The IESG wrote: > > > > The IESG has received a request from the Domain Name System Operations WG > > (dnsop) to consider the following document: - 'Structured Error Data for > > Filtered DNS' > > as Propos

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-05-01 Thread tirumal reddy
Thank you very much for your detailed and thoughtful review of the draft, and for sharing valuable insights from the ISP deployment perspective. We would like to clarify that the scope of this draft is not limited to enterprise networks. It is designed to support structured error response signaling

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-05-01 Thread tirumal reddy
On Thu, 24 Apr 2025 at 20:30, Stephane Bortzmeyer wrote: > On Thu, Apr 24, 2025 at 04:41:20PM +0200, > Petr Špaček wrote > a message of 53 lines which said: > > > > Servers which don't support this specification might use plain > > > text in the EXTRA-TEXT field. Requestors SHOULD properly han

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-05-01 Thread tirumal reddy
Hi Stephane, Thanks for the review, please see inline On Thu, 24 Apr 2025 at 19:25, Stephane Bortzmeyer wrote: > On Mon, Apr 14, 2025 at 08:18:29AM -0700, > The IESG wrote > a message of 28 lines which said: > > > The IESG has received a request from the Domain Name System Operations WG > >

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-04-30 Thread tirumal reddy
On Thu, 24 Apr 2025 at 18:45, Stephane Bortzmeyer wrote: > On Wed, Apr 23, 2025 at 11:19:26AM +0530, > tirumal reddy wrote > a message of 450 lines which said: > > > > * In Section 3, "However, this approach is ineffective when DNSSEC > > > is deployed give

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-04-30 Thread tirumal reddy
The intent of the structured error mechanism is not to promote or endorse censorship, but to provide transparency where filtering already exists — for instance, due to security policy requirements. Without such signaling, users typically receive a generic NXDOMAIN response or are directed to forged

[DNSOP] Re: Last Call: (Structured Error Data for Filtered DNS) to Proposed Standard

2025-04-22 Thread tirumal reddy
Hi Mark, Thanks for the review. Please see inline On Thu, 17 Apr 2025 at 07:47, Mark Nottingham wrote: > Since this draft was sent to the IESG, there's been significant other work > incorporating feedback from browser vendors, in order to make information > about DNS blocking more visible to en

[DNSOP] Re: Artart Last Call review of draft-ietf-dnsop-structured-dns-error-12

2025-04-22 Thread tirumal reddy
Thanks Paul for the detailed review. Please see inline On Mon, 21 Apr 2025 at 04:15, Paul Kyzivat wrote: > Reviewer: Paul Kyzivat > Review result: Ready with Nits > > I am the assigned ARTART reviewer for this Internet-Draft. > > Document: draft-ietf-dnsop-structured-dns-error-12 > Reviewer: Pau

[DNSOP] Re: AD review of draft-ietf-dnsop-structured-dns-error

2025-04-13 Thread tirumal reddy
> Call. > > > > Regards > > > > -éric > > > > > > > > *From: *tirumal reddy > *Date: *Monday, 7 April 2025 at 16:25 > *To: *Eric Vyncke (evyncke) > *Cc: *dnsop@ietf.org , danw...@gmail.com < > danw...@gmail.com>, neil.c...@noware.co.uk ,

[DNSOP] Fwd: New Version Notification for draft-ietf-dnsop-structured-dns-error-11.txt

2025-04-07 Thread tirumal reddy
This revision https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-11.html addresses comments from Éric. -Tiru -- Forwarded message - From: Date: Tue, 8 Apr 2025 at 10:59 Subject: New Version Notification for draft-ietf-dnsop-structured-dns-error-11.txt To: Tirum

[DNSOP] Re: AD review of draft-ietf-dnsop-structured-dns-error

2025-04-07 Thread tirumal reddy
Hi Eric, Thanks for the review. Please see inline On Fri, 4 Apr 2025 at 17:27, Eric Vyncke (evyncke) wrote: > Dear authors, dear shepherd, DNSOP WG, > > > > As Mohamed ‘Med’ Boucadair is now the responsible AD for DNSOP, he passed > me the role of responsible AD for this I-D :-) Therefore, here

[DNSOP] Fwd: I-D Action: draft-ietf-dnsop-structured-dns-error-10.txt

2024-11-26 Thread tirumal reddy
The revised draft https://datatracker.ietf.org/doc/draft-ietf-dnsop-structured-dns-error/ addresses the comments received during the WGLC. -Tiru -- Forwarded message - From: Date: Wed, 27 Nov 2024 at 10:56 Subject: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-10.txt

[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error

2024-11-26 Thread tirumal reddy
Thank you, Daniel, for the review. We have updated the draft to address your comments. Please see inline responses for the comments we did not address. On Tue, 12 Nov 2024 at 17:00, Daniel Migault wrote: > I believe the document is ready, please find some comments. > > 3. DNS Filtering Techniq

[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error

2024-11-26 Thread tirumal reddy
On Mon, 4 Nov 2024 at 11:32, Ralf Weber wrote: > Moin! > > On 26 Oct 2024, at 21:10, Benno Overeinder wrote: > > If you believe this draft is ready for publication as an RFC, please > state your support. Conversely, if you feel the document isn’t ready for > publication, please provide your conc

[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error

2024-11-26 Thread tirumal reddy
Thanks Stephane for the review. Please see inline On Sat, 2 Nov 2024 at 22:59, Stephane Bortzmeyer wrote: > On Sat, Oct 26, 2024 at 10:10:43PM +0200, > Benno Overeinder wrote > a message of 25 lines which said: > > > This initiates the Working Group Last Call (WGLC) for > > draft-ietf-dnsop-s

[DNSOP] Re: New Version Notification for draft-nottingham-public-resolver-errors-00.txt

2024-11-14 Thread tirumal reddy
For the prior versions of draft (see https://datatracker.ietf.org/doc/html/draft-reddy-dnsop-error-page-08), the primary objection wasn’t about using HTML or plain text but rather the potential for URLs to convey unwarranted information. The main concern was that URLs could be misused by malicious

[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error

2024-11-11 Thread tirumal reddy
Hi Ben, The selected suberror codes are identified as threats by the IETF and would potentially compromise the security posture of the endpoint (see Section 10.4 of the draft). The other common reasons you mentioned fall under the category of 'censorship,' which could be perceived as an invasion o

[DNSOP] Re: Working Group Last Call draft-ietf-dnsop-structured-dns-error

2024-11-11 Thread tirumal reddy
Hi Tommy, The draft draft-ietf-dnsop-structured-dns-error includes appropriate extensibility mechanisms. I reviewed the new draft, draft-nottingham-public-resolver-errors-00, and it does not require any updates to draft-ietf-dnsop-structured-dns-error. In the future, we may see other drafts propos

[DNSOP] Re: [EXTERNAL] New Version Notification for draft-tjjk-cared-00.txt

2024-07-25 Thread tirumal reddy
On Wed, 24 Jul 2024 at 02:29, Ben Schwartz wrote: > It seems like there's some confusion here. ECH is an extension to TLS > that is still under development (and now nearly final). Use of ECH is > optional in TLS 1.3. Any entity that can control the TLS version in use > also has the ability to

[DNSOP] Re: [EXTERNAL] New Version Notification for draft-tjjk-cared-00.txt

2024-07-23 Thread tirumal reddy
In enterprise networks, DNS services typically enforce policies at the organization and user-group levels, rather than at the individual user level. DNS filtering is generally not imposed based on individual user identities. It would be interesting to evaluate other possible solutions that could e

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-07.txt

2023-11-06 Thread tirumal reddy
The revised draft https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-07.html addresses comments from the WG. The changes involve removing 'https' and adding 'mailto' as contact URI schemes. Additionally, we have added a new registry for Contact URI schemes, allowing the addition

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

2023-10-28 Thread tirumal reddy
ents are free to > ignore contact URIs with unsupported schemes. > > Even a "mailto:" scheme is not without risk here, and I wouldn't be > surprised if some browser vendors feel it is unsafe to display. However, > it sounds like there is some interest from potential clients,

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

2023-10-20 Thread tirumal reddy
I would like to clarify that the purpose of the "c" (contact) field is not to display an error page but to provide contact details of the IT/InfoSec team for reporting misclassified DNS filtering. Its function is to report legitimate domain names that have been incorrectly blocked due to misclassif

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

2023-10-13 Thread tirumal reddy
On Thu, 12 Oct 2023 at 21:37, Tommy Pauly wrote: > > > On Oct 11, 2023, at 3:17 PM, Warren Kumari wrote: > > > > > > On Tue, Oct 10, 2023 at 12:56 PM, Vodafone Gianpaolo Angelo Scalone < > Gianpaolo-Angelo.Scalone=40vodafone@dmarc.ietf.org> wrote: > >> I really love this draft and would like

Re: [DNSOP] I-D Action: draft-ietf-dnsop-structured-dns-error-06.txt

2023-10-12 Thread tirumal reddy
On Tue, 10 Oct 2023 at 22:27, Gianpaolo Angelo Scalone, Vodafone wrote: > > I really love this draft and would like to see browser side implementation > for the benefit of customers user experience. > Today several services are implemented on top of DNS to filter malicious > or unwanted traffic i

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-structured-dns-error-03

2023-07-12 Thread tirumal reddy
On Wed, 12 Jul 2023 at 21:37, Joseph Salowey wrote: > Thanks Tiru, > > This discussion has been really helpful for my understanding, just a few > questions below: > > On Mon, Jul 10, 2023 at 10:17 PM tirumal reddy wrote: > >> On Mon, 10 Jul 2023 at 1

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-structured-dns-error-03

2023-07-10 Thread tirumal reddy
On Mon, 10 Jul 2023 at 10:22, Joseph Salowey wrote: > > > On Tue, Jul 4, 2023 at 5:20 AM tirumal reddy wrote: > >> Thanks for the review. Please see inline >> >> On Sat, 1 Jul 2023 at 10:41, Joseph Salowey via Datatracker < >> nore...@ietf.org> wrote:

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-structured-dns-error-03

2023-07-04 Thread tirumal reddy
Thanks for the review. Please see inline On Sat, 1 Jul 2023 at 10:41, Joseph Salowey via Datatracker < nore...@ietf.org> wrote: > Reviewer: Joseph Salowey > Review result: Has Issues > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF docume

Re: [DNSOP] Incompatibility with indicating client support for EDE (draft-ietf-dnsop-structured-dns-error)

2023-05-25 Thread tirumal reddy
On Wed, 24 May 2023 at 19:30, Tommy Pauly wrote: > > > On May 24, 2023, at 12:00 AM, tirumal reddy wrote: > > On Wed, 24 May 2023 at 01:48, Tommy Pauly 40apple@dmarc.ietf.org> wrote: > >> Using length=2 and INFO-CODE=0 sounds fine to me. >> >> For th

Re: [DNSOP] Incompatibility with indicating client support for EDE (draft-ietf-dnsop-structured-dns-error)

2023-05-24 Thread tirumal reddy
On Wed, 24 May 2023 at 01:48, Tommy Pauly wrote: > Using length=2 and INFO-CODE=0 sounds fine to me. > > For the dependency on draft-ietf-add-resolver-info, I don't think we need > to impose that dependency. I'd much prefer to allow clients to look at that > optionally, but still be able to inclu

[DNSOP] Fwd: I-D Action: draft-ietf-dnsop-structured-dns-error-02.txt

2023-04-29 Thread tirumal reddy
Hi all, Revised draft https://www.ietf.org/archive/id/draft-ietf-dnsop-structured-dns-error-02.html addresses comments during the presentation at IETF-116. Any further comments and suggestions are welcome. Cheers, -Tiru -- Forwarded message - From: Date: Sat, 29 Apr 2023 at 12:4

Re: [DNSOP] draft-ietf-dnsop-structured-dns-error: suberr registration policy

2023-04-20 Thread tirumal reddy
On Wed, 19 Apr 2023 at 20:49, Benjamin Schwartz wrote: > > > On Wed, Apr 19, 2023 at 10:04 AM tirumal reddy wrote: > >> On Tue, 18 Apr 2023 at 16:41, Benjamin Schwartz wrote: >> >>> The draft's opening words are "DNS filtering is widely deployed for &

Re: [DNSOP] draft-ietf-dnsop-structured-dns-error: suberr registration policy

2023-04-19 Thread tirumal reddy
On Wed, 19 Apr 2023 at 02:08, Benjamin Schwartz wrote: > On Tue, Apr 18, 2023 at 10:19 AM Ralf Weber wrote: > >> Moin! >> >> On 18 Apr 2023, at 15:54, Benjamin Schwartz wrote: >> > If the suberror field is mainly for communication from resolvers to >> > browsers, then any solution should only mo

Re: [DNSOP] draft-ietf-dnsop-structured-dns-error: suberr registration policy

2023-04-19 Thread tirumal reddy
On Tue, 18 Apr 2023 at 16:41, Benjamin Schwartz wrote: > The draft's opening words are "DNS filtering is widely deployed for > network security". This is true, but by far the "widest" deployment of DNS > filtering is for authoritarian national censorship, to prevent citizens > from engaging with

Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS

2023-01-23 Thread tirumal reddy
On Mon, 23 Jan 2023 at 20:37, Paul Wouters wrote: > On Sun, 22 Jan 2023, Tim Wicinski wrote: > > > Subject: [DNSOP] Call for Adoption: Structured Data for Filtered DNS > > > This starts a Call for Adoption for > draft-wing-dnsop-structured-dns-error-page > > I have no objection to adoption. I say

Re: [DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01

2021-11-15 Thread tirumal reddy
On Fri, 12 Nov 2021 at 20:55, Ben Schwartz wrote: > > > On Wed, Nov 10, 2021 at 11:18 AM Petr Špaček wrote: > ... > >> 2. If the new option was present in query, then DNS responder sends back >> Extended DNS Errors option (EDE, RFC 8914) with INFO-TEXT field >> formatted according to structured

Re: [DNSOP] updated to draft-wing-dnsop-structured-dns-error-page-01

2021-11-15 Thread tirumal reddy
Hi Petr, Thanks for the detailed review. Please see inline On Wed, 10 Nov 2021 at 21:48, Petr Špaček wrote: > On 14. 10. 21 19:36, Dan Wing wrote: > > We recently published -01 of Structured Data for Filtered DNS based on > WG feedback from IETF 111. We also incorporated both motivational and

[DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-07.txt

2021-04-22 Thread tirumal reddy
Hi all, This revision https://tools.ietf.org/html/draft-reddy-dnsop-error-page-07 addresses comments from the WG during the presentation at IETF-110. As a reminder, it defines an Error page URI EDNS0 option to return an URI Template which when accessed provides the reason the DNS query was filter

Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-05.txt

2021-01-14 Thread tirumal reddy
I-D that require input? >- Are there remaining questions from the 109 meeting? >- What's currently needed for potentially moving forward with WG >adoption? > > Thank you, > > -- > Joey Salazar > Digital Sr. Programme Officer > ARTICLE 19 > 6E9C 95E5 5

[DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-05.txt

2020-10-14 Thread tirumal reddy
Hi all, This revision https://tools.ietf.org/html/draft-reddy-dnsop-error-page-05 updates security considerations section to address comments from the WG during the presentation at IETF-108. As a reminder, it discusses a method to return an URL that explains the reason the DNS query was filtered.

[DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-03.txt

2020-08-26 Thread tirumal reddy
Hi all, This revision https://tools.ietf.org/html/draft-reddy-dnsop-error-page-03 addresses several comments from the WG during the presentation at IETF-108. Major updates are listed below: 1. Error page URI EDNS0 option to return an URI Template which when accessed provides the reason the DNS q

[DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-02.txt

2020-07-27 Thread tirumal reddy
Hi all, This revision https://tools.ietf.org/html/draft-reddy-dnsop-error-page-02 addresses comments from Wes and Vittorio. As a reminder, it discusses a method to return an URL that explains the reason the DNS query was filtered. It is useful for HTTPS enabled domain names blocked by DNS firewalls

Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-00.txt

2020-07-26 Thread tirumal reddy
Hi Wes, Please see inline On Fri, 24 Jul 2020 at 19:49, Wes Hardaker wrote: > tirumal reddy writes: > > > This draft https://tools.ietf.org/html/draft-reddy-dnsop-error-page-00 > > discusses a method to return an URL that explains the reason the DNS > > query was f

Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-00.txt

2020-07-09 Thread tirumal reddy
On Thu, 9 Jul 2020 at 12:52, Vittorio Bertola < vittorio.bert...@open-xchange.com> wrote: > > Il 09/07/2020 08:53 tirumal reddy ha scritto: > > Regarding section 4, in DPRIVE (on draft bcp-op) we have recently been > told that the IETF does not recommend in its best practice

Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-00.txt

2020-07-08 Thread tirumal reddy
On Wed, 8 Jul 2020 at 18:51, Bob Harold wrote: > > On Wed, Jul 8, 2020 at 3:38 AM tirumal reddy wrote: > >> Hi all, >> >> This draft https://tools.ietf.org/html/draft-reddy-dnsop-error-page-00 >> discusses a method to return an URL that explains the reason the

Re: [DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-00.txt

2020-07-08 Thread tirumal reddy
On Wed, 8 Jul 2020 at 18:28, Vittorio Bertola < vittorio.bert...@open-xchange.com> wrote: > > Il 08/07/2020 09:37 tirumal reddy ha scritto: > > > Hi all, > > This draft https://tools.ietf.org/html/draft-reddy-dnsop-error-page-00 > discusses a method to return an UR

[DNSOP] Fwd: New Version Notification for draft-reddy-dnsop-error-page-00.txt

2020-07-08 Thread tirumal reddy
Hi all, This draft https://tools.ietf.org/html/draft-reddy-dnsop-error-page-00 discusses a method to return an URL that explains the reason the DNS query was filtered. It is useful for HTTPS enabled domain names blocked by DNS firewalls for non-managed devices in Enterprise and Home networks. The

[DNSOP] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-01.txt

2019-11-01 Thread tirumal reddy
Hi all, We published https://tools.ietf.org/html/draft-reddy-dprive-dprive-privacy-policy-01 that discusses a mechanism for the DNS server to communicate its cryptographically signed privacy policy information to a DNS cli

Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information

2019-08-06 Thread tirumal reddy
Hi Paul, Please see inline On Mon, 5 Aug 2019 at 19:56, Paul Hoffman wrote: > Thank you for your detailed list > > On Aug 5, 2019, at 4:07 AM, tirumal reddy wrote: > > > > I did not receive response to the attacks discussed in > https://mailarchive

Re: [DNSOP] Call for Adoption: draft-sah-resolver-information

2019-08-05 Thread tirumal reddy
On Mon, 5 Aug 2019 at 16:20, Ralf Weber wrote: > Moin! > > On 4 Aug 2019, at 4:15, Rob Sayre wrote: > > > On Fri, Aug 2, 2019 at 8:04 AM Tim Wicinski wrote: > > > >> > >> The draft is available here: > >> https://datatracker.ietf.org/doc/draft-sah-resolver-information/ > >> > >> Please review th

Re: [DNSOP] Call for Adoption: draft-sah-resolver-information

2019-08-05 Thread tirumal reddy
I did not receive response to the attacks discussed in https://mailarchive.ietf.org/arch/msg/dnsop/4ubj2D4bzxS1VTsZKzcNqBcWgtM. Listing the attacks and comments for further discussion: a) Attackers can also host DoH/DoT servers and claim they offer security and privacy policies. How will the stub

Re: [DNSOP] [Ext] Request for adoption: draft-sah-resolver-information

2019-07-18 Thread tirumal reddy
Hi Paul, Please see inline On Wed, 17 Jul 2019 at 21:47, Paul Hoffman wrote: > On Jul 17, 2019, at 7:36 AM, tirumal reddy wrote: > >> One example is that the stub or browser may want to change DoH servers, > such as if it has discovered one that has a better

Re: [DNSOP] [Ext] Request for adoption: draft-sah-resolver-information

2019-07-17 Thread tirumal reddy
Hi Paul, Please see inline On Thu, 11 Jul 2019 at 05:55, Paul Hoffman wrote: > On Jul 9, 2019, at 3:46 AM, tirumal reddy wrote: > > My comments below: > > > > 1) Unless a DNS request for .{in-addr,ip6}.arpa/IN/RESINFO, > >or a subdomain, as described in Section

Re: [DNSOP] Request for adoption: draft-sah-resolver-information

2019-07-09 Thread tirumal reddy
Hi Paul, My comments below: 1) Unless a DNS request for .{in-addr,ip6}.arpa/IN/RESINFO, or a subdomain, as described in Section 2 is sent over DNS-over-TLS (DoT) [RFC7858] or DNS-over-HTTPS (DoH) [RFC8484], or unless the .{in-addr,ip6}.arpa zone is signed with DNSSEC, the response is

[DNSOP] Fwd: New Version Notification for draft-reddy-dprive-bootstrap-dns-server-03.txt

2019-05-22 Thread tirumal reddy
Hi all, This draft https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-03 explains mechanism to automatically bootstrap endpoints to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network. The specification discusses : (1) Bootstrapping p

Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-reid-doh-operator

2019-03-26 Thread tirumal reddy
On Tue, 26 Mar 2019 at 10:48, Paul Vixie wrote: > > > Ian Swett wrote on 2019-03-25 01:28: > > One way DoH may be faster than DoT in the near future is that DoH can go > > over HTTP/3 via QUIC and avoid head of line blocking like Do53. > Do53/UDP has no HoL problem. > > nor does Do853/TCP. > TCP

Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-reid-doh-operator

2019-03-26 Thread tirumal reddy
On Mon, 25 Mar 2019 at 16:05, Tony Finch wrote: > Ted Lemon wrote: > > > This is equally an argument for doing DNS over DTLS. This would give > > similar performance to DoH over QUIC. > > If I understand it correctly, DTLS leaves MTU and fragmentation up to the > application protocol. The DNS ha