Moin!

On 1 Dec 2025, at 9:06, Tobias Fiebig wrote:

> Currently on that; The text I would propose is:
>
> <===
> Note: Please note that this document only explicitly discusses
> DNS-over-TCP and DNS-over-UDP. [RFC9539] documents the opportunistic use of
> several other transport methods between recursive and authoritative DNS
> servers, including DNS over various encrypted transports. Some of these
> technologies provide additional mechanisms for preventing the impact of
> a reduced PMTU or MTU blackholes. Guidance in this document focuses on
> IP version support, and questions of the underlying transport protocol
> (TCP or UDP). If DNS servers use an additional protocol layer, e.g.,
> DNS-over-TLS [RFC7858] or DNS-over-QUIC [RFC9250], for their
> communication, and that protocol supports additional measures to
> prevent fragmentation on the IP layer related issues, these measures
> SHOULD be used for the connection. Otherwise, if the protocol is not
> resilient to IP layer fragmentation related issues by default, the
> above guidance for TCP and UDP based connections SHOULD be applied
> analogously.
> ===>
>
> This leaves the topic, imho, sufficiently open, yet focused.
>
> Thoughts?

I really would like to avoid mentioning RFC9539, as people might look at this after we got DELEG to work with encrypted transports as the way how a recursive resolver should discover encrypted transports to authorities and it clearly is not the way. Also the use of encrypted transports even between recursive and auth predates this RFC. So IMHO we should just say that now and in the future recursive can use other transports and then continue with the text you have.

So long
-Ralf
——-
Ralf Weber
