Re: [dns-privacy] New Version Notification for draft-peterson-dot-dhcp-00.txt

Ole Troan <otroan@employees.org> Mon, 29 April 2019 09:28 UTC

To: Thomas Peterson <nosretep.samoht@gmail.com>
Cc: dns-privacy@ietf.org, Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/GaoMm7ZojaMtNjbctczlwSX1xkI>

> In a recent discussion in the DoH mailing list around a draft that describes resolver discovery, Martin Thomson made the suggestion[0] to use DHCP and RA options instead to transmit DNS over HTTP resolver addresses and, more relevant to this WG, DNS over TLS endpoints as well. I have published draft-peterson-dot-dhcp, which describes the relevant DHCPv4, DHCPv6, and RA options to support this.
> 
> Could I please get feedback, specifically if the WG is in support of it.

I'm not very keen on yet another DNS configuration option.
But if you were to do it in the RA, I wonder if it wouldn't be cleaner to do it with the universal RA approach:

https://tools.ietf.org/html/draft-troan-6man-universal-ra-option-01

Currently the DNS option is defined as (in CDDL):
 dns = {
      dnssl : [* tstr]
      rdnss : ipv6-addresses
      ? lifetime : uint
 }
 ipv6-addresses = [* tstr]

And you could just add a new attribute for transport:

 dns = {
      dnssl : [* tstr]
      rdnss : ipv6-addresses
      ? lifetime : uint
      transport : "udp" / "tls" / "https"
 }
 ipv6-addresses = [* tstr]

Ole
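As an added example, not part of the message above or of either draft: a Python encoder that turns the proposed dns map (with the transport attribute) into the CBOR bytes a universal RA option would carry, plus the receiver-side structural check that follows the CDDL, including rejection of a transport value outside the closed "udp" / "tls" / "https" set. The resolver and search-list values are constructed, and a minimal RFC 8949 encoder stands in for a library such as cbor2.

```python
"""Encode the proposed 'dns' RA option map as CBOR and validate it against the CDDL.

Minimal CBOR encoder (RFC 8949 major types 0, 3, 4, 5) so this runs with the
standard library only; a library such as cbor2 would do the same in production.
"""
import struct

TRANSPORTS = ("udp", "tls", "https")   # the closed choice from the CDDL
KNOWN_KEYS = ("dnssl", "rdnss", "lifetime", "transport")

def _head(major, n):
    """Initial byte(s) for major type `major` with argument `n` (non-negative)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < (1 << (8 * struct.calcsize(fmt))):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor_encode(v):
    """Encode uint, tstr, array and map values (the only types the option uses)."""
    if isinstance(v, bool) or (isinstance(v, int) and v < 0):
        raise TypeError("only uint is used in this option")
    if isinstance(v, int):
        return _head(0, v)
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")

# Constructed sample (not from the draft): one DoT resolver with a search list.
SAMPLE = {"dnssl": ["example.net"], "rdnss": ["2001:db8::53"],
          "lifetime": 3600, "transport": "tls"}

def validate_dns_option(m):
    """Receiver-side structural check of a decoded map: required dnssl/rdnss as
    [* tstr], optional lifetime uint, transport from the closed set, no extra
    keys. Returns a list of problems (empty means conformant). This checks shape
    only; it says nothing about who sent the RA."""
    errors = []
    for key in ("dnssl", "rdnss"):
        val = m.get(key)
        if not isinstance(val, list) or not all(isinstance(s, str) for s in val):
            errors.append(f"{key}: expected [* tstr]")
    if "lifetime" in m and not (isinstance(m["lifetime"], int) and m["lifetime"] >= 0):
        errors.append("lifetime: expected uint")
    if m.get("transport") not in TRANSPORTS:
        errors.append("transport: must be one of " + "/".join(TRANSPORTS))
    errors += [f"{k}: not in the CDDL" for k in m if k not in KNOWN_KEYS]
    return errors

if __name__ == "__main__":
    print(cbor_encode(SAMPLE).hex(), validate_dns_option(SAMPLE))
```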