Ted Lemon wrote:
On Apr 4, 2018, at 11:37 AM, Paul Vixie <p...@redbarn.org
there's code that implements this. there are people using it. there
will be more of both. a standard will mean greater interoperability.
Why was the code written? Why are they using this?
where the client can't be upgraded to DOH, and the network can't be
upgraded to add VPN's, this allows a name server to be reachable with
full fidelity (no middleboxes, so EDNS works) and better-than-cleartext
privacy. i use it on my laptop when in a hotel room or coffee shop.
What is it about this
solution that makes it preferable, for their use case, to a smart proxy
that is itself a full-service resolver and thus shouldn't tunnel
information about the query transport?
this is a far thinner solution than a full-service resolver, which would
require local configuration and monitoring and so on, as well as
topology stability that can't be guaranteed.
Given Bert's talk on camels, I think these are questions that are worth
asking, and the answer shouldn't be "because."
this would never be part of the mandatory-to-implement "DNS core".
DNSOP mailing list