Re: [DNSOP] Call for Adoption: draft-song-dns-wireformat-http

Paul Wouters <paul@nohats.ca> Tue, 12 July 2016 11:00 UTC

Date: Tue, 12 Jul 2016 07:00:17 -0400
From: Paul Wouters <paul@nohats.ca>
To: Tim Wicinski <tjw.ietf@gmail.com>
In-Reply-To: <e5c97630-a11f-0c93-8f4b-482764c85f71@gmail.com>
Message-ID: <alpine.LRH.2.20.1607120652001.11932@bofh.nohats.ca>
References: <e5c97630-a11f-0c93-8f4b-482764c85f71@gmail.com>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/g3VzrvNmTV5sNvTlYSQhIRzfN1g>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Call for Adoption: draft-song-dns-wireformat-http

On Mon, 11 Jul 2016, Tim Wicinski wrote:

> The draft is available here:
> https://datatracker.ietf.org/doc/draft-song-dns-wireformat-http/
>
> Please review this draft to see if you think it is suitable for adoption by 
> DNSOP, and comments to the list, clearly stating your view.

I am very hesitant to accept any protocol-over-http wrapper, as it just
moves the problem around and generates a new set of middleware boxes that
mess with the data.

I think RFC 7858 is fine for mistakenly broken networks. The only
advantage of this method is to work around administrative blocks. And
that's a rat-race with middle boxes.

There is also a bootstrap issue. If you can use the local DNS to get to
the webserver for DNS-over-HTTP then the local DNS can prevent you from
resolving it. If you hardcode the IP they can blacklist known servers.
And they can transparently proxy your requests to prevent you from using
it anyway. So it's not even that good to work around administrative
blocks.

So I am not convinced of the use case compared to RFC 7858.

Paul
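Added example (not part of the message above, and not code from the draft or from RFC 7858): the discussion turns on what a "protocol-over-http wrapper" actually is, so this script builds a DNS wire-format query (RFC 1035 header, question, and label encoding), wraps the unchanged bytes in an HTTP/1.1 POST, strips the HTTP framing back off, and parses a constructed response that uses a name-compression pointer. The host name, URL path and Content-Type value are assumptions chosen for illustration, not values taken from the draft; the response is constructed inline so the script runs offline. The point it makes concrete is that the HTTP layer carries the DNS message byte-for-byte, which is why middleboxes that inspect or rewrite HTTP bodies see (and can touch) the same data they would on port 53.

```python
import struct

# Constructed example: DNS wire format in, HTTP framing around it, DNS wire format out.
# Path, Host and Content-Type below are assumptions for illustration, not the draft's values.

def encode_name(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """12-byte header (RD=1, QDCOUNT=1) followed by one question (IN class)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def wrap_in_http(wire: bytes, host: str = "doh.example", path: str = "/dns-wireformat") -> bytes:
    """HTTP framing around the DNS message; the message itself is not altered."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Type: application/dns-udpwireformat\r\n"   # assumed media type
            f"Content-Length: {len(wire)}\r\n\r\n").encode("ascii")
    return head + wire

def unwrap_http(msg: bytes) -> bytes:
    """Return the body delimited by Content-Length; reject a truncated body."""
    head, _, body = msg.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"content-length":
            n = int(value.strip())
            if len(body) < n:
                raise ValueError("truncated body")
            return body[:n]
    raise ValueError("no Content-Length header")

def decode_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                       # name ends after the first pointer
            off, hops = ptr, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_response(msg: bytes):
    """Parse header, skip the question section, return the answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:               # A record: render dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}

def constructed_response(query: bytes) -> bytes:
    """Constructed server reply: echo the question, add one A record whose
    owner name is a pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

def roundtrip(qname: str = "www.example.com"):
    """Query -> HTTP request -> (constructed) HTTP response -> parsed answers."""
    query = build_query(qname)
    if unwrap_http(wrap_in_http(query)) != query:
        raise AssertionError("HTTP wrapper must carry the DNS message unchanged")
    resp = constructed_response(query)
    http_resp = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(resp) + resp
    return parse_response(unwrap_http(http_resp))

if __name__ == "__main__":
    print(roundtrip())
```

Running it prints the parsed answer for the constructed reply (one A record, 192.0.2.1, TTL 300). Swapping `wrap_in_http` for a TLS socket on port 853 would give the RFC 7858 shape instead; the DNS bytes are identical either way, which is the sense in which the wrapper only "moves the problem around".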