On Tue, 23 Mar 2021, Jim Reid wrote:

> On 23 Mar 2021, at 21:20, Ben Schwartz <[email protected]> wrote:
>
>> I think there's a miscommunication here. The proposals here are about how a
>> TLD operator can tell a **recursive resolver** what encrypted DNS server to
>> use, exactly like an NS record. This is not suggesting any change to stub
>> resolver behavior.
>
> Ben, I was referring to recursive resolver behaviour, not stubs.

The authoritative server expresses where to find its nameservers via its parent.
This is not different. I guess you feel this is different because instead
of publishing NS and A records about itself, it can now point to something
that is not a NS or A record. But this is not really different if the
parent can add NS/A records anyway.
E.g. an SVCB record that states "do DoT at 1.2.3.4" is the same
as adding a NS record like:

    example.com.          IN NS ns1.example.com.
    example.com.          IN NS xn--dot.example.com.
    ns1.example.com.      IN A  1.2.3.5
    xn--dot.example.com.  IN A  1.2.3.4

Except that now legacy servers also contact the DoT server, whereas
with SVCB or any other kind of known _prefix, the DoT server does not
have to also be a regular nameserver.
So what is it that you are exactly objecting to? The syntax or the capability?
Paul
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy