In message <alpine.lfd.2.10.1404232145120.4...@bofh.nohats.ca>, Paul Wouters writes:

> On Wed, 23 Apr 2014, Nicholas Weaver wrote:
>
> > On Apr 23, 2014, at 1:00 PM, Paul Wouters <p...@nohats.ca> wrote:
> >> No, I fully disagree with this. Port 53 TCP has a much better chance at
> >> working these days than a random other newly assigned port.
> >
> > Not true. Port 53 is far more molested than "random": INBOUND firewall
> > rules prevent you from running new services without firewall rule
> > modifications, but outbound blocking is far less common. (Our test port
> > for this is TCP 1947 with Netalyzr).
>
> Provided you use "traditional DNS" perhaps? Once you account for roaming
> around different networks, I think you will see port 53 is regularly
> transparently proxied to a local DNS server. When those see something
> they don't understand because it's not "traditional DNS", you'll lose.
>
> Paul

Which doesn't handle RD=0 queries and often doesn't handle DNSSEC.

This still isn't a reason to not use port 53. It is a reason to write
"Transparent DNS Proxies Considered Harmful". It is a reason to have a
DHCP{v6} option for "hotspot registration".

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
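The two symptoms Mark names (a proxy that cannot cope with RD=0 and one that strips DNSSEC/EDNS) can be checked from the client side by comparing a probe query with whatever comes back. The following is an added example, not code from the thread or from ISC: it builds a DNS wire-format query with RD=0 and the EDNS0 DO bit set, frames it for TCP port 53, and classifies a response by whether the RD bit was rewritten or the OPT/DO signalling was dropped, both of which indicate something other than the intended server answered. The response builder and the findings names (`rd_rewritten`, `edns_do_dropped`) are this example's own; only the standard library is used and no network traffic is sent.

```python
import struct

# Assumed QTYPE/RR constants (standard values; A=1, OPT=41, IN=1).
QTYPE_A, RRTYPE_OPT, CLASS_IN = 1, 41, 1


def encode_name(name):
    """Encode a dotted name as DNS labels terminated by the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_opt_rr(do=True, udp_size=4096):
    """OPT pseudo-RR: root owner, TYPE 41, CLASS = UDP payload size,
    TTL field carries ext-rcode/version/flags; DO is the top flag bit."""
    ttl = 0x8000 if do else 0
    return b"\x00" + struct.pack("!HHIH", RRTYPE_OPT, udp_size, ttl, 0)


def build_query(qname, qtype=QTYPE_A, rd=False, do=True, qid=0x1234):
    """Probe query: RD cleared by default, DO set, one question, one OPT RR."""
    flags = 0x0100 if rd else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    return header + question + build_opt_rr(do)


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "ad": bool(flags & 0x0020),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def skip_name(msg, off):
    """Advance past a possibly compressed name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def find_opt(msg):
    """Return the OPT RR's payload size and DO flag, or None if absent."""
    h = parse_header(msg)
    off = 12
    for _ in range(h["qdcount"]):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == RRTYPE_OPT:
            return {"udp_size": rclass, "do": bool(ttl & 0x8000)}
        off += 10 + rdlen
    return None


def classify_response(query, response):
    """List the ways a response deviates from a faithful answer to `query`.
    RFC 1035 says RD is copied from query into response, so a flipped RD
    bit means an intermediary rewrote the query; a lost DO bit means EDNS
    (and with it DNSSEC) did not survive the path."""
    q, r = parse_header(query), parse_header(response)
    findings = []
    if q["id"] != r["id"]:
        findings.append("id_mismatch")
    if not r["qr"]:
        findings.append("qr_not_set")
    if q["rd"] != r["rd"]:
        findings.append("rd_rewritten")
    qopt, ropt = find_opt(query), find_opt(response)
    if qopt and qopt["do"] and not (ropt and ropt["do"]):
        findings.append("edns_do_dropped")
    return findings


def build_response(query, rd, include_opt, do, qid=None):
    """Constructed response for offline testing: echoes the question section,
    sets QR and RA, and lets the caller choose RD and OPT/DO handling."""
    h = parse_header(query)
    flags = 0x8000 | 0x0080 | (0x0100 if rd else 0)
    header = struct.pack("!HHHHHH", qid if qid is not None else h["id"],
                         flags, 1, 0, 0, 1 if include_opt else 0)
    qend = skip_name(query, 12) + 4
    body = query[12:qend]
    if include_opt:
        body += build_opt_rr(do)
    return header + body


if __name__ == "__main__":
    probe = build_query("example.com", rd=False, do=True)
    faithful = build_response(probe, rd=False, include_opt=True, do=True)
    proxied = build_response(probe, rd=True, include_opt=False, do=False)
    print("faithful:", classify_response(probe, faithful))
    print("proxied :", classify_response(probe, proxied))
    print("tcp frame length prefix:", tcp_frame(probe)[:2].hex())
```

To use this against a live resolver, send `tcp_frame(probe)` over a TCP connection to port 53, read the two-byte length and then that many bytes, and pass the bytes to `classify_response`. An empty findings list means the path preserved RD=0 and DO; `rd_rewritten` or `edns_do_dropped` is the signature of the kind of transparent proxy the thread describes.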