Re: [Doh] Dedicated DoH port

Jim Reid <jim@rfc1035.com> Thu, 11 April 2019 18:11 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1069120366 for <doh@ietfa.amsl.com>; Thu, 11 Apr 2019 11:11:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5dZu9JfGAxW9 for <doh@ietfa.amsl.com>; Thu, 11 Apr 2019 11:11:02 -0700 (PDT)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2249112030F for <doh@ietf.org>; Thu, 11 Apr 2019 11:11:02 -0700 (PDT)
Received: from [10.46.0.104] (212-147-18-59.fix.access.vtx.ch [212.147.18.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id D9D69242109D; Thu, 11 Apr 2019 18:10:58 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>
Date: Thu, 11 Apr 2019 19:10:57 +0100
Cc: doh@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <472EC8F4-A610-4FF1-825B-2427AEE31F25@rfc1035.com>
References: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>
To: Tomas Krizek <tomas.krizek@nic.cz>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/-JJWJ4yeD2tIwIH6uy1SIeAORs8>
Subject: Re: [Doh] Dedicated DoH port
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 18:11:04 -0000


> On 11 Apr 2019, at 18:41, Tomas Krizek <tomas.krizek@nic.cz> wrote:
> 
> Since there is currently no IANA assigned DoH port, I've filed the
> following user port request with IANA to establish a common default that
> could be used among DNS vendors.
> 
> Service Name:         [domain-doh]
> Desired Port Number:  [44353]
> Description:          [DNS query-response protocol over HTTPS]

This seems a bit hasty. Perhaps there should be an I-D or RFC first? Allocating a port number from the well-known range might be a wiser choice than arbitrarily choosing 44353.

I'm not sure it's a good idea to allocate a port number just so someone can run a web server and DoH-capable DNS server on the same box. That's unlikely to be a common use case. Besides, the web server could just forward inbound DoH queries to port 53 over the loopback interface. Or something like that.

Another solution might be to update the current discovery draft to include an (optional?) port number as well as the IP address to use for DoH service.
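The forwarding idea raised above (a web server relaying inbound DoH queries to port 53 over loopback) needs a small translation layer, because port 53 speaks plain DNS, not HTTP. What follows is an added example of that layer, not code from this thread or from any DNS vendor: it accepts RFC 8484 GET and POST requests on /dns-query, unwraps the DNS wire message, and relays it to a resolver on 127.0.0.1:53 over TCP with the two-byte length prefix. The listener port 8053, the upstream address and the 4096-byte size limit are assumptions; the GET encoding is checked against the www.example.com query that RFC 8484 itself uses as its example.

```python
"""Minimal DoH (RFC 8484) front-end that hands queries to a plain-DNS resolver
on the loopback interface. Added example; upstream address, listener port and
size limit are assumptions, not anything stated in the thread."""
import base64
import socket
import struct
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

UPSTREAM = ("127.0.0.1", 53)        # assumed: classic DNS server on the same box
DNS_MESSAGE = "application/dns-message"
MAX_QUERY = 4096                    # assumed cap; reject oversized bodies early


def decode_dns_param(value: str) -> bytes:
    """Decode the base64url 'dns' parameter of a DoH GET; padding is omitted on the wire."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def encode_dns_param(wire: bytes) -> str:
    """Inverse of decode_dns_param, as a DoH client would produce it."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def build_query(qname: str, qtype: int = 1) -> bytes:
    """Build a wire-format query with ID 0 (RFC 8484 suggests 0 so responses cache well)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def extract_query(method: str, path: str, content_type: str, body: bytes):
    """Return the DNS message carried by a DoH request, or None if it is not valid DoH."""
    url = urlparse(path)
    if url.path != "/dns-query":
        return None
    if method == "GET":
        params = parse_qs(url.query)
        if "dns" not in params:
            return None
        try:
            wire = decode_dns_param(params["dns"][0])
        except ValueError:          # binascii.Error is a ValueError subclass
            return None
    elif method == "POST":
        if content_type.split(";")[0].strip() != DNS_MESSAGE:
            return None
        wire = body
    else:
        return None
    # A DNS header is 12 bytes; anything shorter cannot be a query.
    if not 12 <= len(wire) <= MAX_QUERY:
        return None
    return wire


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed connection early")
        buf += chunk
    return buf


def forward_over_loopback(wire: bytes, upstream=UPSTREAM, timeout: float = 2.0) -> bytes:
    """Relay the query over DNS-over-TCP (RFC 1035 two-byte length prefix) and return the answer."""
    with socket.create_connection(upstream, timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(wire)) + wire)
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        return _recv_exact(s, length)


class DohHandler(BaseHTTPRequestHandler):
    def _handle(self, method: str) -> None:
        length = int(self.headers.get("Content-Length", "0") or 0)
        if length > MAX_QUERY:
            self.send_error(413, "query too large")
            return
        body = self.rfile.read(length) if method == "POST" else b""
        wire = extract_query(method, self.path, self.headers.get("Content-Type", ""), body)
        if wire is None:
            self.send_error(400, "not a DoH query")
            return
        try:
            answer = forward_over_loopback(wire)
        except OSError:
            self.send_error(502, "resolver unreachable")
            return
        self.send_response(200)
        self.send_header("Content-Type", DNS_MESSAGE)
        self.send_header("Content-Length", str(len(answer)))
        self.end_headers()
        self.wfile.write(answer)

    def do_GET(self):
        self._handle("GET")

    def do_POST(self):
        self._handle("POST")


if __name__ == "__main__":
    # Assumed front-end port; in practice a TLS-terminating web server sits in front of it.
    HTTPServer(("127.0.0.1", 8053), DohHandler).serve_forever()
```

The front-end binds to loopback only and does no TLS itself; the public web server terminates HTTPS and proxies /dns-query to it, which is the split the message sketches. Validation happens before any resolver contact, so malformed or oversized requests never reach port 53.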