Re: [Doh] [Ext] Re: Associating a DoH server with a resolver

Paul Hoffman <> Wed, 24 October 2018 01:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 07ACF12DD85 for <>; Tue, 23 Oct 2018 18:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 53jNq2NkKNtl for <>; Tue, 23 Oct 2018 18:12:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 39E23128CE4 for <>; Tue, 23 Oct 2018 18:12:12 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 23 Oct 2018 18:12:10 -0700
Received: from ([]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([]) with mapi id 15.00.1367.000; Tue, 23 Oct 2018 18:12:10 -0700
From: Paul Hoffman <>
To: Martin Thomson <>
CC: DoH WG <>
Thread-Topic: [Ext] Re: [Doh] Associating a DoH server with a resolver
Thread-Index: AQHUaw0rsD7rsPjFwE2sWEnE1v4NXKUuC2aAgAABBIA=
Date: Wed, 24 Oct 2018 01:12:09 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/signed; boundary="Apple-Mail=_7990F306-232F-4355-8762-86E295481BB2"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Doh] [Ext] Re: Associating a DoH server with a resolver
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Oct 2018 01:12:15 -0000

On Oct 23, 2018, at 6:08 PM, Martin Thomson <> wrote:
> Why do the IP-based spelunking?  It requires that the resolver (which
> might not be a DoH server) do HTTP as well.  Can't you define a record
> that could be placed at the name?  I hesitate
> to say TXT, but I can't think of a good reason not to use that in this
> case.  Multiple such records could identify different DNS-over-foo
> variants.

Given the offline comments I'm getting similar to this one, I did not emphasize this enough in the draft.

There is no way for an application like a browser to send a query through the OS for anything other than address records. That is, gethostbyname() and its equivalents only pass back address records. Even if an application had its own DNS stack to make queries for other RRtypes, it doesn't have any way to know where to send them to.

If I'm wrong about the above, that's great, because we could certainly simplify the way that Martin suggests above or that I had in earlier versions of the draft.

--Paul Hoffman