In message <[email protected]>, Paul Wouters
writes:
> On Wed, 23 Apr 2014, Nicholas Weaver wrote:
>
> > On Apr 23, 2014, at 1:00 PM, Paul Wouters <[email protected]> wrote:
> >> No, I fully disagree with this. Port 53 TCP has a much better chance at
> >> working these days than a random other newly assigned port.
> >
> > Not true. Port 53 is far more molested than "random": INBOUND firewall
> > rules prevent you from running new services without firewall rule
> > modifications, but outbound blocking is far less common. (Our test port
> > for this is TCP 1947 with Netalyzr).
>
> Provided you use "traditional DNS" perhaps? Once you account for roaming
> around different networks, I think you will see port 53 is regularly
> transparently proxied to a local DNS server. When those see something
> they don't understand because it's not "traditional DNS", you'll lose.
>
> Paul
Which doesn't handle RD=0 queries and often doesn't handle DNSSEC.
This still isn't a reason to not use port 53. It is a reason to
write "Transparent DNS Proxies Considered Harmful".
It is a reason to have a DHCP{v6} option for "hotspot registration".
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
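The two failure modes Mark names, an RD=0 query that a transparent proxy rewrites and DNSSEC (the EDNS0 DO bit) that it strips, can be checked from the wire format alone. The following is an added example, not code from the thread: it builds an RD=0/DO=1 query and, for offline illustration, constructs two replies, one from an assumed well-behaved server that echoes RD=0 and keeps the OPT RR, and one modelling the assumed proxy behaviour (RD forced to 1, OPT dropped). In practice you would send `build_query()` over UDP or TCP port 53 and pass the bytes you get back to `proxy_indicators()`.

```python
import struct

def _skip_name(msg, off):  # advance past a wire-format name or compression pointer
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def build_query(qname, qtype=1, rd=0, do=True, txid=0x1234):
    """Wire-format query with the RD bit as given and an EDNS0 OPT RR (DO set) if do=True."""
    header = struct.pack("!HHHHHH", txid, (rd & 1) << 8, 1, 0, 0, 1 if do else 0)
    labels = qname.strip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP payload 4096, ext-rcode 0, version 0, DO=0x8000, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 4096, 0, 0, 0x8000, 0) if do else b""
    return header + question + opt

def build_response(query, rd, ra, keep_opt):
    """Constructed empty reply to `query` (assumed behaviours: clean server vs. proxy)."""
    txid, _, qd = struct.unpack("!HHH", query[:6])
    qend = _skip_name(query, 12) + 4            # end of the question section
    opt = query[qend:] if keep_opt else b""     # the OPT RR follows the question
    flags = 0x8000 | (rd << 8) | (ra << 7)      # QR=1, RD/RA as the responder sets them
    return struct.pack("!HHHHHH", txid, flags, qd, 0, 0, 1 if opt else 0) + query[12:qend] + opt

def has_opt(msg):
    """Walk every section of `msg` and report whether an OPT (type 41) RR is present."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # name + QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return True
        off += 10 + rdlen
    return False

def proxy_indicators(query, response):
    """List the ways `response` fails to honour an RD=0 / DO=1 query."""
    qrd, rrd = ((struct.unpack("!H", m[2:4])[0] >> 8) & 1 for m in (query, response))
    return [text for cond, text in (
        (qrd != rrd, "RD bit not echoed: query was rewritten on the path"),
        (has_opt(query) and not has_opt(response), "EDNS0 OPT stripped: DO/DNSSEC cannot survive this path"),
    ) if cond]
```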