On Tue, 5 Nov 2019, Warren Kumari wrote:
> Because then I need to probe them on 853 and wait N before trying on port 53, or I will only get any sort of protection for name-servers which I’ve spoken to recently enough that I have them in cache — that works for e.g. ns1.google.com, but not ns0.nohats.ca

Well, that's how we do things when remembering per-server characteristics, which we need to do anyway in case of outages. Like EDNS0 support and DNS COOKIES support is remembered and cached, why wouldn't resolvers do the same for this property?

We didn't put "ns-edns" out there in name hacks either. Why start now?

Paul

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
