Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)

Dave Lawrence <> Wed, 13 June 2018 04:17 UTC


Ray Bellis writes:
> I do think it would be helpful to consider in more detail where DOH is
> expected to sit in the DNS architecture.
> Is it going to be a new "first class" transport (sic) protocol, or is it
> merely a tunneling protocol for carrying DNS messages whose sole purpose
> is to provide interworking for those that cannot use the "normal"
> transport protocols because either a) there's a stoopid middlebox in the
> way, or b) they're a web client ?

There's no way you'll be able to keep the genie in the bottle of
"merely a tunneling protocol".

There are already indications from people who want to leverage it to
provide DNS response delivery without involving the traditional
resolution path.  Some of them stated quite clearly at the first DoH
BoF that they really weren't even interested in working on it if it
was just going to be merely a tunneling protocol.

It isn't clear to me how you could meaningfully restrict it from being
a "'first class' transport".  Fiat declaration sure wouldn't do it.