Paul, I'm trying to understand your scenario. If you ran your own DoH server in your network (doing RDNS or whatnot), and the DoH server is distributed to clients via DHCP + a protocol upgrade mechanism, would that address the concerns you are listing?
Vinicius Fortuna

On Thu, Mar 14, 2019 at 1:33 AM Paul Vixie <[email protected]> wrote:
> On Thursday, 14 March 2019 00:48:53 UTC Ted Lemon wrote:
> > On Mar 12, 2019, at 2:52 PM, Paul Vixie <[email protected]> wrote:
> > > please do not relegate discussions about the loss of operator control over
> > > the RDNS control plane
> >
> > Although it’s certainly true that DNS is used as a control plane by many
> > operators, there is no standard “RDNS control plane.” ...
>
> i don't think lack of standardization is the same as not existing. devices
> which honour the dhcp-assigned rdns service, work as expected, and as
> intended. devices who ignore that setting and seek their own rdns by their own
> internal configuration, will often not work at all.
>
> because many of us amend our locally visible dns namespace with things like
> .corp or .home or .local, it's even more vital that devices respect the rdns
> assignment i make. the dns content i want to be visible on my network, have to
> be visible on my network.
>
> because many of us won't allow pirate or malware or otherwise undesired DNS
> lookups to succeed, either because we don't like the name, or we don't like
> the result of the query, or we don't like some name server that would be
> involved in resolving it. the dns content i don't want to be visible on my
> network, have to not be visible on my network.
>
> from the days before dhcp when we typed these numbers in by hand, until now,
> it has always been the expectation that rdns was part-and-parcel of local
> network service. no different in that regard from dhcp or arp, neither of
> which is standardized under the heading, "control plane", yet, are.
>
> so i think i'm not going to follow you down this terminological rabbit hole.
> the reason that internet creations of yours will work better on my network if
> you treat the rdns as part of my control plane is, because it's my network and
> that's how i operate it. you're not welcome to bypass it, nor answer dhcp
> requests when you're not my dhcp server, nor answer arp requests when you
> aren't the device i assigned that address to.
>
> you can call that tautological if you wish. but it's the life my networks
> lead. external DoH providers are explicitly not welcome to provide service to
> malware or intruders who get into my network -- because rdns is part of my
> control plane, and like arp and dhcp, i control it and i monitor it, for
> $reasons.
>
> > The problem with the discussion we’ve been having about DoH and how it
> > affects your “RDNS control plane” is that we’re talking past each other,
> > not that the discussion should be had elsewhere. It’s fine for there to
> > be a discussion, but if there is going to be a discussion, participants
> > need to engage constructively, and not just fling slogans at each other.
>
> i think i've flung considerably more than slogans, and, it's been exhausting.
>
> vixie
>
>
> _______________________________________________
> hrpc mailing list
> [email protected]
> https://www.irtf.org/mailman/listinfo/hrpc
>
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
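The "i control it and i monitor it" point above is something an operator can act on from a flow log. As an added example that is not code from either list or from any participant, here is a small Python detector that flags hosts whose DNS traffic does not go to the DHCP option 6 resolver, or that talk to DoT or to DoH endpoints the operator has chosen to watch; the resolver address, the watched endpoint list and the flow records are all constructed placeholder values.

```python
from collections import defaultdict

# Resolver handed out via DHCP option 6 on this network (constructed value).
ASSIGNED_RESOLVERS = {"10.0.0.53"}
# External DoH endpoints the operator chooses to watch. These are
# documentation-range placeholders, not the addresses of any real provider.
WATCHED_DOH_ENDPOINTS = {"198.51.100.10", "203.0.113.5"}

# Constructed flow records: "src dst proto dport bytes", one per line.
SAMPLE_FLOWS = """\
10.0.1.20 10.0.0.53 udp 53 74
10.0.1.20 10.0.0.53 tcp 53 512
10.0.1.31 198.51.100.10 tcp 443 2210
10.0.1.42 192.0.2.53 udp 53 70
10.0.1.42 10.0.0.53 udp 53 70
10.0.1.55 203.0.113.5 tcp 853 1200
10.0.1.60 198.51.100.200 tcp 443 9000
"""


def classify_flow(dst: str, dport: int):
    """Return a finding label for one flow, or None if it is unremarkable."""
    if dport == 53 and dst not in ASSIGNED_RESOLVERS:
        return "plain-dns-bypass"      # Do53 to a resolver we did not assign
    if dport == 853 and dst not in ASSIGNED_RESOLVERS:
        return "dot-bypass"            # DNS over TLS to an outside resolver
    if dport == 443 and dst in WATCHED_DOH_ENDPOINTS:
        return "doh-watched-endpoint"  # HTTPS to a known DoH endpoint
    return None


def find_bypassing_hosts(flow_log: str) -> dict:
    """Map each source host to the set of bypass findings seen in flow_log."""
    findings = defaultdict(set)
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        src, dst, _proto, dport, _nbytes = line.split()
        label = classify_flow(dst, int(dport))
        if label:
            findings[src].add(label)
    return dict(findings)


if __name__ == "__main__":
    for host, labels in sorted(find_bypassing_hosts(SAMPLE_FLOWS).items()):
        print(host, ",".join(sorted(labels)))
```

DoH to an endpoint that is not on the watch list looks like any other HTTPS flow here, which is exactly the visibility loss the thread is about; the assigned resolver's own query log is the complementary source for what the compliant hosts are asking.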
