Configuring Private DNS via DHCP
At IETF 102 in Montréal, I presented some slides on DHCPv6 Private DNS Discovery at the DRIU BOF.
The talk was based on an Internet Draft that Willem Toorop and I worked on: DHCPv6 Options for private DNS Discovery. It provided a means to include an Authenticated Domain Name (ADN) for a nameserver to be used with DNS over TLS (DoT) or DNS over HTTPS (DoH).
To say that the talk was received poorly is an understatement...
Ted Lemon made a good argument that DHCP should only be used for bootstrapping initial network parameters and not for full-fledged configuration of all network parameters.
There was enough consensus that we feel that moving forward with this work would go against the wishes of the IETF community.
There still is a need for configuring the ADN in a trusted campus environment but a different proposal will need to be invented for this use case.
Overall, it was a good exercise and I hope that by documenting this here, it will discourage others from going down this path in the future.