IETF Logo Mail Archive

Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

Paul Vixie <paul@redbarn.org> Wed, 01 July 2020 07:59 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D371E3A09DB for <add@ietfa.amsl.com>; Wed, 1 Jul 2020 00:59:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q34QsCFsIi_V for <add@ietfa.amsl.com>; Wed, 1 Jul 2020 00:59:18 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEA563A09D9 for <add@ietf.org>; Wed, 1 Jul 2020 00:59:18 -0700 (PDT)
Received: from linux-9daj.localnet (dhcp-166.access.rits.tisf.net [24.104.150.166]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (1024 bits) server-digest SHA256) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 86252B0588; Wed, 1 Jul 2020 07:59:14 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: Ted Lemon <mellon@fugue.com>
Cc: add@ietf.org
Date: Wed, 01 Jul 2020 07:54:26 +0000
Message-ID: <4703088.fjZbX7tNNj@linux-9daj>
Organization: none
In-Reply-To: <D7D47783-F18A-431A-964F-E366D071D023@fugue.com>
References: <CABcZeBPTkWeB40wpTowKvEJ-gXA3AL2e-BE+C_FC7Js7-D0DZQ@mail.gmail.com> <2560148.jvFFTcX3xC@linux-9daj> <D7D47783-F18A-431A-964F-E366D071D023@fugue.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/J8JqKse2jB9b1mZMzzmt9TECRfk>
Subject: Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2020 07:59:20 -0000

On Wednesday, 1 July 2020 05:59:51 UTC Ted Lemon wrote:
> On Jul 1, 2020, at 1:34 AM, Paul Vixie <paul@redbarn.org> wrote:
> > as i wrote, there are other network configuration parameters which are
> > also valuable targets, such as outbound proxy settings.
> 
> Who configures those with DHCP? That would be insane.

my IoT devices hate me, because i won't let them speak directly to their 
motherships, and lacking keyboards or ssh listeners, i have no way to tell 
them what proxy they would have to use to be successful. if you want me to 
agree that IoT is insane, i probably will. but it's our world.

> It sounds like a validating stub resolver will fail to work with your
> product.

well, yes and no. i want certain resolutions to fail. these fail. exactly how 
that failure is obtained matters less to me than the failure itself.

> > i think i should have paid more attention at that time, and i apologize.
> > DHCP was always the wrong thing to build, like BOOTP before it, and IPv6
> > address assignment after it. secure hosting networks have to use /30 and
> > later /31 netmasks (one customer per vlan) in order to trust any of this.
> 
> I don’t know what a “secure hosting network” is. Is that an IETF thing?

definitely not an IETF thing. rather, it's the real world.

-- 
Paul

v2.23.0 | Report a Bug | By Email