Matthäus Wander wrote:
> ...
> > I didn't mean to imply that a DTLS solution can be universally deployed.
because the dns is a map to the territory known as the internet, and because most internet packet flows begin with a dns transaction, i'm dismissing out of hand anything that will almost universally not work for some class of user, such as those in hotel room wireless networks, or behind CPE that either can't pass new protocols or would require above-average skill to configure for such.

in my own configuration i'd set EDNS to be the primary protocol, and add HTTPS as the first fallback to be tried, so that the fallback to plain DNS on UDP/53 can be as rare as possible. this may even be a reasonable default. but we can't spend any of our time pretending that the internet architecture isn't a hostage to a billion poorly built CPE devices, no matter how hopeful we are as to the future, and no matter how many personal counter-examples we can cite.

vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop