[dns-operations] need ideas for selective proxying to defeat the economic poison pill built into DOH

Paul Vixie paul at redbarn.org
Thu May 16 05:46:20 UTC 2019

On Monday, 13 May 2019 02:31:31 UTC Grant Taylor wrote:
> There's always a TCP Reset and then not interfering with the next
> packets between the two IPs.

this is the most interesting idea i've heard, and i'm thinking hard about it.

the second most interesting idea i've heard is dnsfire:


the holy grail is, listeners who don't support DOH (the /dns-query URI) should 
be rewarded by not having their traffic decrypted at my network edge, and i 
never have to force a TLS downgrade on my clients. this requires some kind of 
selective proxying. i don't think that's simple. does anyone?


More information about the dns-operations mailing list