IETF Logo Mail Archive

Re: [DNSOP] Should we try to work on DNS over HTTP in dnsop?

Paul Vixie <vixie@tisf.net> Sun, 20 December 2015 20:19 UTC

Return-Path: <vixie@tisf.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007181B3003 for <dnsop@ietfa.amsl.com>; Sun, 20 Dec 2015 12:19:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TcMKz5cat8pB for <dnsop@ietfa.amsl.com>; Sun, 20 Dec 2015 12:19:48 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E74B1B3004 for <dnsop@ietf.org>; Sun, 20 Dec 2015 12:19:48 -0800 (PST)
Received: from linux-85bq.suse (unknown [24.104.150.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 726CF13B5C; Sun, 20 Dec 2015 20:19:48 +0000 (UTC)
From: Paul Vixie <vixie@tisf.net>
To: dnsop@ietf.org
Date: Sun, 20 Dec 2015 12:19:47 -0800
Message-ID: <2399375.F2Ysi4yhKb@linux-85bq.suse>
Organization: TISF
User-Agent: KMail/4.14.10 (Linux/4.1.13-5-default; KDE/4.14.10; x86_64; ; )
In-Reply-To: <20151218175619.44495.qmail@f5-external.bushwire.net>
References: <20151217020754.6915b71c@pallas.home.time-travellers.org> <2073641.PqY0vKhHzR@linux-85bq.suse> <20151218175619.44495.qmail@f5-external.bushwire.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="nextPart2088874.9W0AG7Mfdf"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/h9JFv9ci2BHJK7Pa417YkKqDB3c>
Cc: Mark Delany <f4t@november.emu.st>
Subject: Re: [DNSOP] Should we try to work on DNS over HTTP in dnsop?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Dec 2015 20:19:50 -0000

On Friday, December 18, 2015 05:56:19 PM Mark Delany wrote:
> > > That the request pipeline order doesn't necesarily match the response
> > > pipeline order is particularly unexpected in some protocols (and
> > > likely non-compliant), such as HTTP < 2.0
> > 
> On 17Dec15, Paul Vixie allegedly wrote:
> > i think this is opaque to the dns-over-http specification. that is, while
> > http may under its covers do all kinds of asynchronous things
> 
> I may not be being very clear or I may misunderstand. As far as
> implementation is concerned you are of course correct. As far as the
> semantics of the order of responses over HTTP, not so much.
> 
> What I was getting at is that a dns-over-http client can pipeline send
> request id=1 then request id=2 and get back pipelined response id=2
> then response id=1 over a single connection:
> 
> Client                    Server
>  Request id=1  ---->
>  Request id=2  ---->
> 
> .. time passes
> 
>              <---- Response id=2
>              <---- Response id=1
> 
> That is, a dns-over-http client has to do more elaborate
> request/response matching with id (+query RR) rather than rely on
> submit order for matching.

http reordering would be handled at the http layer. for example, in libcurl. if the http protocol 
agent decides to transmit multiple outstanding queries on a single tcp socket, then it will use 
its own methods to match up the eventual responses to the then-outstanding requests. 

while the following internet draft is expired, it explains these issues well, including the 
background, and the relationship to persistent connections:

https://tools.ietf.org/html/draft-mogul-http-ooo-00

however, i think that while pipelining is standardized...

https://en.wikipedia.org/wiki/HTTP_pipelining

...the responses will be in order, unless you open multiple TCP sessions.

> This re-ordering of responses is not allowed in regular HTTP 1.* and
> would almost certainly break common HTTP clients that expect pipeline
> order to be maintained.
> 
> I'm not saying this is good or bad, just saying it's an important
> topic for any dns-over-*stream* protocol to discuss. Least surprise
> and all that.

any discussion of out-of-order HTTP responses would have to explain how to match up 
responses with requests, as mogul's expired draft does above. since DNS-over-HTTP does not 
call for out-of-order HTTP responses, it does not have to explain how to match up responses 
with requests.

-- 
P. Vixie

v2.23.0 | Report a Bug | By Email