Ted Lemon wrote:
On Apr 4, 2018, at 11:37 AM, Paul Vixie <p...@redbarn.org> wrote:
there's code that implements this. there are people using it. there
will be more of both. a standard will mean greater interoperability.

Why was the code written? Why are they using this?

where the client can't be upgraded to DOH, and the network can't be upgraded to add VPNs, this allows a name server to be reachable with full fidelity (no middleboxes, so EDNS works) and better-than-cleartext privacy. i use it on my laptop when in a hotel room or coffee shop.

What is it about this
solution that makes it preferable, for their use case, to a smart proxy
that is itself a full-service resolver and thus shouldn't tunnel
information about the query transport?

this is a far thinner solution than a full-service resolver, which would require local configuration and monitoring and so on, as well as topology stability that can't be guaranteed.

Given Bert's talk on camels, I think these are questions that are worth
asking, and the answer shouldn't be "because."

this would never be part of the mandatory-to-implement "DNS core".

P Vixie

DNSOP mailing list
