In article <153397442482.20828.13036371457377811227@xxxxxxxxxxxxxx> you write:
>This document is almost ready, but requires some clarifications and, more
>importantly, an analysis of the impact of switching from a connection-less
>protocol (UDP) to a connection-oriented protocol (HTTPS/TCP) for DNS resolution.

But DNS resolution has always worked over TCP. See RFC 1035, section 4.2.2.
The usual case is retry on TCP when a UDP response is truncated, but it's
equally valid to do TCP in the first place.

Is there a reason that the security threats of DOH over TCP would be any
different from existing DNS over TCP?

R's,
John
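The message above refers to RFC 1035 section 4.2.2, which defines how DNS messages are carried over TCP: each message is prefixed with a two-octet big-endian length so that several messages can share one connection. The following is an added example, not part of the mailing-list message, that builds a minimal query, frames it for TCP, splits a TCP byte stream back into messages, and checks the TC (truncation) bit that triggers the UDP-to-TCP retry the reply mentions. All byte values are constructed for illustration.

```python
import struct

# Flag bits in the second 16-bit word of the DNS header (RFC 1035 section 4.1.1).
FLAG_TC = 0x0200  # TrunCation: response did not fit, client should retry over TCP
FLAG_RD = 0x0100  # Recursion Desired


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (RFC 1035 section 4.1) for `name`, class IN.

    qtype 1 is A. The header carries one question and the RD flag.
    """
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)


def frame_for_tcp(msg: bytes) -> bytes:
    """RFC 1035 section 4.2.2: prefix the message with its 2-octet length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for a 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg


def read_tcp_messages(stream: bytes) -> list[bytes]:
    """Split a TCP byte stream into complete DNS messages.

    A trailing partial message is left unread, as a real reader would wait
    for more bytes rather than hand up a truncated message.
    """
    msgs = []
    pos = 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + length > len(stream):
            break  # incomplete message; need more data from the socket
        pos += 2
        msgs.append(stream[pos:pos + length])
        pos += length
    return msgs


def is_truncated(response: bytes) -> bool:
    """Return True if the TC bit is set, i.e. the client should retry over TCP."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    (flags,) = struct.unpack_from("!H", response, 2)
    return bool(flags & FLAG_TC)


if __name__ == "__main__":
    q = build_query("example.com")
    framed = frame_for_tcp(q)
    # Two queries back to back on one TCP connection, as section 4.2.2 allows.
    print(len(read_tcp_messages(framed + framed)), "messages recovered")
    # Constructed UDP response header with QR, TC, RD and RA set.
    truncated_hdr = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    print("retry over TCP:", is_truncated(truncated_hdr))
```

The length prefix is what lets DNS multiplex on a single TCP stream; the same framing is what DNS over TLS reuses, and any stateful inspection of DNS over TCP has to reassemble on those prefixes rather than on packet boundaries.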