I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.

For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-dprive-dnsodtls-12
Reviewer: Jouni Korhonen
Review Date: 2016-11-17
IETF LC End Date: 2016-11-16
IESG Telechat date: 2016-12-15

Summary: The document is ready for publication.

Comments/questions:

o Section 3.1 has a “first-come, first-served” port range. What port range is this actually? Does it refer to the ephemeral port range (RFC 6335)?

o Section 6 describes a case where an anycasted DTLS packet reaches a DNS server that does not have an existing security association with the client. A DTLS session resumption should be initiated as a result. Is it possible that the next DTLS message again reaches another DNS server without a security association, which would cause a new fatal alert to be returned, etc.? If this is the case, there should be some text pointing at this case. If I am just confused, the current text is fine.