poztter.net
poztter.net / ports
Ports.
Three TCP ports do all of POZ. Each one enforces a specific contract — encryption and submission semantics are baked into the port choice, not negotiated within a connection.
| Port | Name | Encryption | Direction | Use |
|---|---|---|---|---|
7074 |
POZ Query | None (plaintext) | Client → Server | Public lookups. Response is self-verifying, so plaintext is acceptable. |
7075 |
POZ Query (Private) | Noise NK | Client → Server | Private lookups. Eavesdropper cannot see what's being asked or returned. |
7076 |
POZ Submit | Noise NK | Client → Authority | Push signed updates. Used only against authoritative servers. |
why three ports
- 7074 vs 7075 — privacy. Plaintext queries are useful for tooling, debugging, monitoring, and environments where Noise isn't available. Encrypted queries protect the privacy of which user is being looked up. Port choice makes the privacy expectation visible at the firewall layer.
- 7075 vs 7076 — operation. Lookups are read-only and can be served by any cache. Submissions modify state and must go to an authoritative server. Splitting them prevents accidental misconfiguration where a cache starts accepting writes.
- Future-proofing. Additional roles (mirror replication, delegation queries) can be assigned new ports without disturbing existing ones.
firewall recommendations
- Public-facing cache: open
7074and7075. - Authoritative server: open
7075and7076.7074optional. - Holder-only client: outbound only. No inbound POZ ports needed.
SRV records
_poz._tcp.example.com. 300 IN SRV 10 0 7075 poz1.example.com.
_poz._tcp.example.com. 300 IN SRV 20 0 7075 poz2.example.com.
_poz-submit._tcp.example.com. 300 IN SRV 10 0 7076 poz-auth.example.com.plaintext fallback
If a client cannot reach 7075 (Noise NK blocked, no shared static key yet), it may use 7074 to fetch the master zone for the domain — including the server's Noise static key — and then upgrade to 7075 for subsequent queries. Records are self-verifying either way; the encrypted port adds privacy, not authenticity.