Re: [DNSOP] extension of DoH to authoritative servers

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 12 February 2019 08:39 UTC

Date: Tue, 12 Feb 2019 09:39:08 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "zuopeng@cnnic.cn" <zuopeng@cnnic.cn>
Cc: dnsop <dnsop@ietf.org>
Message-ID: <20190212083908.w5cwgtmypkjwmqnd@nic.fr>
References: <2019021215560470371417@cnnic.cn>
Organization: NIC France
X-URL: http://www.nic.fr/
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6CPp6UlTTqwnXaNI2mdQrG_hTEw>

On Tue, Feb 12, 2019 at 03:56:04PM +0800,
 zuopeng@cnnic.cn <zuopeng@cnnic.cn> wrote 
 a message of 546 lines which said:

> I am considering extending the DoH protocol to authoritative
> servers.

Why DoH and not DoT? DoH is useful because 1) port 853 may be blocked
at the edge of the network, and 2) applications running in a Web browser
may need DNS data. But these two reasons do not apply to your use case:
1) the resolver is often closer to the core and there is less risk
that 853 is blocked, and 2) there is no Web browser on the resolver.