Reviewer: Joe Clarke Review result: Has Nits I have been tasked to review this document on behalf of the OPS directorate. This document describes new means by which a DNS client can discover encrypted DNS services by DHCPv4, DHCPv6, and/or IPv6 RA messages. From an operational point of view, I found the description of the protocol and how the client behaves to be good. I was pleased to see sections that described why certain considerations were made. That said, I didn't see any discussion of how a DHCP client would treat encrypted DNS options along with the standard name-server (option 6, v6 option 23) in DHCP or the RDNSS. You mention you initially thought of using those approaches, but that leads to probing. Section-wise, I found a couple of nits: Section 3.1.8: s/If the checks fail, the receiver discards/If any of the checks fail, the receiver MUST discard/ I felt this makes the text both clearer and more normative. You use normative language in later sections when referring to 3.1.8. === Section 5.1: In the figure, I feel TBA2 should be replaced with OPTION_V4_DNR. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call