Ted Lemon wrote:
> Again, to repeat myself once more, one more time, I am asking that we actually decide what to recommend, and not just say "we all already all know what the right behavior is." If we all agreed on what the correct behavior was, we wouldn't be having this discussion. Maybe if we tried to describe what we all think the correct behavior was, we would realize that we do agree on it, but we haven't done that yet. And the possible set of all behaviors is more complicated than you suggest.

with regard to dhcp, if the dhc wg is freezing new features pending authentication capabilities which are not forthcoming, then dhcp is off the table for DoT discovery.
in that case, the purported android approach of "use DoT if it works" may be the only way forward. this means when current unauthenticated dhcp tells you what your rdns servers are, you'll try each of them with TCP/853 and use that if it works, else fall back to whatever you did before, which is probably UDP/53 falling back to TCP/53.
-- P Vixie
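
The "use DoT if it works" behaviour described in the message above, as an added Python sketch that is not part of the original post and is not Android's code. The function names and the transport labels are hypothetical; the addresses in the demo are constructed from the documentation range.

```python
import socket
import ssl


def probe_dot(addr, timeout=2.0):
    """Return True if a TLS handshake completes on TCP/853 at addr.

    Opportunistic: the certificate is not validated, because unauthenticated
    DHCP supplies only an IP address and no name to check it against.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((addr, 853), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return True
    except OSError:                     # refused, timed out, or TLS failure
        return False


def plan_transports(resolvers, probe=probe_dot):
    """Map each DHCP-learned resolver to its ordered list of transports."""
    plan = {}
    for addr in resolvers:
        if probe(addr):
            plan[addr] = ["tls/853"]
        else:
            # "whatever you did before": UDP/53 falling back to TCP/53
            plan[addr] = ["udp/53", "tcp/53"]
    return plan


def cleartext_resolvers(plan):
    """Resolvers that will be queried without TLS; worth logging, since a
    blocked port 853 is indistinguishable here from a server without DoT."""
    return [addr for addr, order in plan.items() if "tls/853" not in order]


if __name__ == "__main__":
    # Constructed input: two resolvers as a DHCP reply might list them,
    # with a stand-in probe so the demo runs offline.
    fake_probe = lambda addr: addr == "192.0.2.1"
    plan = plan_transports(["192.0.2.1", "192.0.2.2"], probe=fake_probe)
    print(plan)
    print("cleartext:", cleartext_resolvers(plan))
```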
