On 08. 07. 25 0:58, Ben Schwartz wrote:
I have serious concerns about proposals that would encourage blocking/unblocking IP addresses based on previous DNS activity. If your network's firewall behavior depends on the history of DNS queries, this creates an extreme form of stateful protocol ossification that prevents IP from working correctly. It's like NAT but worse, because the
Sorry to break the bad news: This is already happening even without this draft. DoH clients which decided to unilaterally ignore the system-provided resolver triggered admins to implement this (with intent to enforce local policy) for locked-down environments.
-- Petr Špaček
