Ted Lemon wrote:
On Apr 4, 2018, at 2:35 PM, Paul Vixie <p...@redbarn.org> wrote:
could this be done with a resolver using non-proxy DOH as a transport
to its forwarder? sure. but that puts semantic intelligence in the
middle, which will introduce configuration, logging, monitoring,
diagnosis, upgrade, and patching costs. i don't want those here.

So essentially this is {UDP | TCP}-over-HTTPS, with constraints on the
destination port?

no. it uses a DNS response message of rcode SERVFAIL for error signalling. so, it is as transparent as possible, and no more.

P Vixie

DNSOP mailing list
