On Feb 12, 2019, at 3:03 PM, Paul Vixie <[email protected]> wrote:
> David Conrad wrote on 2019-02-12 14:58:
>>> lack of an IETF-approved standard with planned implementation by a half
>>> dozen tech giants,
>> And that worked so well with NAT.
> network operators had a choice whether to deploy NAT.

You missed my point. The IETF declared NATs heretical and as a result, a zillion people did it in a zillion different ways, creating a huge mess. Lots of people are implementing sending/receiving DNS queries/responses over HTTPS. DoH simply codifies one way of doing it so that network managers, software developers, etc., have a chance to develop management systems for it.

> i'd like the same level of freedom when it comes to how DNS is served.

Then force the folks on your network to install a cert so you can filter out DoH. Contrary to your assertion, I doubt netflow will let you discriminate between good and evil. You have to have visibility to do that.

> too old-school?

Too ostrich-like.

Regards,
-drc
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
