Minutes IETF102: driu
DNS Resolver Identification and Use
||Minutes IETF102: driu
IETF 102, Montréal
Chair: Paul Hoffman
Mailing List: https://www.ietf.org/mailman/listinfo/driu
Paul Hoffman started off with a list of topics from the BoF description, but
said that only a few would be discussed at the meeting based on interest from
the mailing list. He reiterated that this BoF was for discussion but not for
forming a Working Group.
Tom Pusateri talked about threats for DHCPv6 options. He asserted that adding
DNSSEC could help make configuration of the DNS resolver more secure against
some of these threats.
Ted Lemon talked about an earlier effort to make DHCP secure. There was a lot
of mic discussion about using DHCP for options that the user thinks might be
secure, such as DNS resolvers that run under TLS. There was a lot of
skepticism, although it was not universal.
Tom Pusateri then gave a brief overview of a proposal for discovery of DNS
servers in DHCPv6 using an authentication domain name. However, maybe because
of the earlier mic line skepticism, there was not a lot of interest.
The presentation that garnered the most interest in the room was a suggestion
from Mark Nottingham to encourage large web sites to host DoH servers, and that
those sites could advertise that they could act as DoH servers for other sites
as well. The mic discussion had many critics and proponents of the proposal,
including an alternate proposal to let sites say what their preferred DoH
servers are. There was definite interest to pursue the idea further on the
Sara Dickinson closed the meeting with an overview of the current environment
for DNS resolution in the OS and applications, and what this means for users.
The mailing list will remain open for the topics in the BoF.