On 13 Nov, 2014, at 12:26, Paul Wouters <[email protected]> wrote:

> Thanks for the pointer. I was not aware of this.
>
> I skimmed the RFC but it does not state on which port the DNS over TLS
> happens. Is it on port 53 or port 443 or another port?
There is no fixed port. It uses whatever port you choose, and the client looks up the SRV record “_dns-query-tls._tcp.example.com” to find that information. The LLQ server machine can even be a “hidden secondary” in the sense that it’s not listed in any NS record.

I’m not suggesting that DNS-over-TLS-over-TCP is the solution for DNS Privacy. I was only pointing it out so that people discussing DNS-over-TLS-over-TCP would be aware of this existing deployment. If you use Back to My Mac, you’re using DNS-over-TLS-over-TCP.

Stuart Cheshire

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
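
The SRV-based port discovery described in the reply above, as an added example that is not part of the original message or of any deployed implementation: it builds the SRV query for the name quoted in the message and parses a constructed response to recover the target host and port. The target `llq-tls.example.com`, the port 8443 and the transaction ID are made-up sample values.

```python
import struct

SRV_NAME = "_dns-query-tls._tcp.example.com"  # name quoted in the message
TYPE_SRV, CLASS_IN = 33, 1

def encode_name(name):  # length-prefixed labels, no compression
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.split(".")) + b"\x00"

def decode_name(msg, off):  # returns (name, offset just past the name)
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            hops += 1
            if hops > 16:                     # malformed input: pointer loop
                raise ValueError("compression loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def build_query(name, txid=0x1234):  # recursive query for the SRV record
    return (struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!2H", TYPE_SRV, CLASS_IN))

def parse_srv(msg):  # [(priority, weight, port, target)], lowest priority first
    qd, an = struct.unpack_from("!2H", msg, 4)
    off, out = 12, []
    for _ in range(qd):                       # skip the question section
        off = decode_name(msg, off)[1] + 4
    for _ in range(an):
        off = decode_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack_from("!3H", msg, off)
            out.append((prio, weight, port, decode_name(msg, off + 6)[0]))
        off += rdlen
    return sorted(out, key=lambda r: r[0])

# Constructed response; host name and port are made up for illustration.
TARGET = encode_name("llq-tls.example.com")
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + build_query(SRV_NAME)[12:] + b"\xc0\x0c"
          + struct.pack("!2HIH", TYPE_SRV, CLASS_IN, 300, 6 + len(TARGET))
          + struct.pack("!3H", 0, 0, 8443) + TARGET)
```

A client would then open a TCP connection to the returned target and port and start TLS there. Weight-based selection among records of equal priority (RFC 2782) is not shown.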
