Re: [DNSOP] my dnse vision

Tony Finch <dot@dotat.at> Wed, 05 March 2014 12:42 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/NW48EWfolMgD16bLCJzw8iDdU_Y

On 5 Mar 2014, at 11:07, Francis Dupont <Francis.Dupont@fdupont.fr> wrote:
> 
> I consider the first one to be already solved, cf. the Microsoft
> deployed solution which puts clients, local networks, the resolver
> (also the Microsoft Domain Server :-), in the same area and uses
> IPsec to protect it.

I don't know if it is solved in a particularly satisfactory way. There is also DNSCrypt supported by OpenDNS and DNS-over-TLS supported by Unbound. However, neither of those does autoconfiguration, and I guess the Microsoft setup is not great for mobile devices.

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/