Ted Lemon wrote:
On Apr 4, 2018, at 2:35 PM, Paul Vixie wrote:
could this be done with a resolver using non-proxy DOH as a transport
to its forwarder? sure. but that puts semantic intelligence in the
middle, which will introduce configuration, logging, monitoring,
diagnosis, upgrade, and patching costs. i don't want those here.
So essentially this is {UDP | TCP}-over-HTTPS, with constraints on the
destination port?
no. it uses a DNS response message of rcode SERVFAIL for error
signalling. so, it is as transparent as possible, and no more.
--
P Vixie