DoH plugin for BIND

Michael De Roover isc at
Sat May 2 15:11:44 UTC 2020

I'm sure that most of the list members here are aware of how net 
neutrality and the internet in general works - we're internet operators 
after all. What we're here for is ports and protocols, not policy or 
internet culture. On that subject, we are not policy makers. Let's leave 
that to politicians who studied for it. Vote some technical people in 
government while we're at it, but I digress.

The DoT/DoH argument or what a mail server could be operated from is not 
one of policy.. well maybe mail servers are, to some extent. Perhaps 
there's some ISP employees here too. Those are in power to allow or 
disallow things on their network. But DoT/DoH certainly isn't. What are 
we supposed to worry about? How do we implement this new encrypted DNS. 
Do we piggyback off an existing port and rely on its ubiquitous 
allowance on the internet or do we create a new port for it, where we 
can make a dedicated new protocol suite?

On 5/2/20 5:03 PM, Reindl Harald wrote:
> Am 02.05.20 um 16:39 schrieb Paul Kosinski via bind-users:
>> I wasn't complaining about port 25, I was just citing it as a
>> counterexample to the claim that ISPs "must" pass all traffic.
>> I think that most ISPs tell customers how to set up their email clients
>> (NUAs) including what port to use. Of course it seems that now most
>> people use Web based email like Gmail, Yahoo (and even Comcast/Xfinity)
>> so they never see port numbers.
>> On Sat, 2 May 2020 15:51:58 +0200
>> Reindl Harald <h.reindl at> wrote:
>>> Am 02.05.20 um 15:41 schrieb Michael De Roover:
>>>> In my experience and from what I've heard, very few.
>>> if that would be true how comes that most mail clients still default to
>>> 25 for submission and years after closing port 25 on our mailserver i
>>> still struggle with customers smartphones still not using 587?
>>> in fact 10 years ago some ISP's *tried* to kill outbound port 25 because
>>> there is no point in using it from a homemachine and at that time we
>>> struggeled also to explain our customers that 25 is plain wrong
>>> finally they gave up because the damage of open port 25 is killed with
>>> dnsbl but the customer support went crazy with "why can't i send email
>>> with my internet connection"
>>>> Even if your ISP allows it, chances are that other mail servers will reject it
>>> that's a completl different story
>>>> On 5/2/20 3:30 PM, Paul Kosinski via bind-users wrote:
>>>>> How many ISPs allow traffic on port 25? My impression is that even many
>>>>> (non-enterprise) business customers can't use port 25
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at
Met vriendelijke groet / Best regards,
Michael De Roover

More information about the bind-users mailing list