Re: [Doh] [Ext] DNS Camel thoughts: TC and message size

Andrew Sullivan <ajs@anvilwalrusden.com> Fri, 08 June 2018 22:17 UTC

Date: Fri, 8 Jun 2018 18:17:00 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: doh@ietf.org
Message-ID: <20180608221700.GC8515@mx4.yitter.info>
References: <CAOdDvNq9g3ghbg9fkfhP+ZA4-6E5oDNFCGo6NN9bydqUX76cLA@mail.gmail.com> <20180607093647.GB32326@server.ds9a.nl> <CAOdDvNriZDjU9yqUQjqN4fO84ENPWO3si-QePiKRgt+7VJVK0g@mail.gmail.com> <23321.27027.73356.94056@gro.dd.org> <CAOdDvNr=kLHPCtCHRx4=rpA1oDogQqdAJ0nR156BWABiFP_bzA@mail.gmail.com> <20180607215851.GA32738@server.ds9a.nl> <CAOdDvNqNpZ8fKPCO5sEqjROBHjg4wx-GGPMYSSynode10jeC0Q@mail.gmail.com> <9381B529-B2F4-459A-88EB-4410A4C4DB6F@mnot.net> <CAN6NTqxA4PcrtS_3umwGERLt9WPoX4p0a0u8pL-O2=CKKTBfyA@mail.gmail.com> <23322.62892.251560.128565@gro.dd.org>
In-Reply-To: <23322.62892.251560.128565@gro.dd.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/4SSXdxD6Y28CO2xGUSaWvCXmyK8>
Subject: Re: [Doh] [Ext] DNS Camel thoughts: TC and message size
List-Id: DNS Over HTTPS <doh.ietf.org>

On Fri, Jun 08, 2018 at 05:31:24PM -0400, Dave Lawrence wrote:

> I'm a DNS person

…

> Any software that is taking a DoH answer from an HTTPS channel is
> brand new software, not some legacy problem that we have to worry
> about.

I am surprised to see those two claims in the same email.  It is
certainly true that the part of the software that is talking to the
HTTPS channel is new.  I am way less convinced that the rest of it
will be, particularly when the draft explicitly says, "The integration
with HTTP provides a transport suitable for both existing DNS
clients…."

> If it imposes size limits before passing it on to whatever
> legacy code it wants to pass it on to, so be it.  The new software
> shouldn't be just blindly passing whatever data it gets into some
> legacy parser anyway, especially if the draft comes with an
> admonishment to be wary of that very thing.

Yeah, I'd be much less concerned about it if the draft gave those
warnings.  But I also think such warnings will give the lie to the
claim I quoted above.

> it can't send over faithfully DNS/UDP or DNS/TCP.  Clearly some legacy
> software is already cognizant of things that should be representable
> in DNS wire format but just can't be because of a legacy transport
> limit.

Sure.  And some legacy software deals with EDNS version numbers
correctly, but some does not.  And some legacy software checks for
poison, and some does not.  And some legacy software spits up on
well-formed RRTYPEs it does not know about, and some does not.  We
have _a lot_ of stuff in the DNS that we have worked around because
it's basic infrastructure of the Internet.  I am by no means opposed
to this WG saying, "We're the new transport, and we're Doing It Right,
and broken stuff can all be broken."  But we need to carry that bag
in through the front door.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
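The check the quoted text asks for, new DoH-side code that vets a message before passing it to a legacy wire-format parser, as an added example in Python. It is not code from the DoH draft or from anyone on this thread. The 65535-byte cap (what a DNS/TCP length prefix can express), the function names, the result dictionary and the sample message are this example's own assumptions. It goes a little beyond the size limit in the quoted text and also covers the other legacy-parser weak points Andrew lists: it rejects a non-zero EDNS version, more than one OPT RR and broken framing (truncated sections, compression pointers that run forward or loop), surfaces the TC bit for the caller to decide on, and counts unknown RRTYPEs rather than rejecting them.

```python
"""Guard a DNS message received over an HTTPS channel before it reaches
legacy wire-format parsing code.

Added example for this thread; not code from the DoH draft or any list
participant.  The size cap, result keys and sample message are assumptions.
"""
import struct

FLAG_TC = 0x0200        # truncation bit in the header flags word
TYPE_OPT = 41           # EDNS(0) OPT pseudo-RR (RFC 6891)
DNS_TCP_MAX = 65535     # largest message a 2-byte TCP length prefix carries
# Small set of RRTYPEs this guard treats as "known"; anything else is counted,
# not rejected, because RFC 3597 expects parsers to cope with unknown types.
KNOWN_TYPES = {1, 2, 5, 6, 12, 15, 16, 28, 41, 43, 46, 47, 48}


class RejectedMessage(ValueError):
    """Raised when the message must not be handed to a legacy parser."""


def _skip_name(msg, off, depth=0):
    """Return the offset just past the name at `off`.  Compression pointers
    must point backwards (RFC 1035 'prior occurrence') and are followed only
    to validate their target, with a bounded depth to stop pointer loops."""
    while True:
        if off >= len(msg):
            raise RejectedMessage("name runs past end of message")
        label_len = msg[off]
        if label_len == 0:
            return off + 1
        if label_len & 0xC0 == 0xC0:
            if off + 1 >= len(msg):
                raise RejectedMessage("truncated compression pointer")
            if depth > 16:
                raise RejectedMessage("compression pointer loop")
            target = ((label_len & 0x3F) << 8) | msg[off + 1]
            if target >= off:
                raise RejectedMessage("forward compression pointer")
            _skip_name(msg, target, depth + 1)   # validate the target name
            return off + 2
        if label_len & 0xC0:
            raise RejectedMessage("reserved label type")
        off += 1 + label_len


def guard_doh_response(msg, max_size=DNS_TCP_MAX):
    """Validate framing of `msg` and return a summary dict, or raise
    RejectedMessage.  TC is reported, not acted on: over HTTPS there is no
    'retry over TCP' fallback, so the caller decides what a truncated
    answer means."""
    if len(msg) > max_size:
        raise RejectedMessage(f"{len(msg)} bytes exceeds cap of {max_size}")
    if len(msg) < 12:
        raise RejectedMessage("shorter than a DNS header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off)
        if off + 4 > len(msg):
            raise RejectedMessage("question section truncated")
        off += 4
    opt_count, edns_version, unknown_types = 0, None, set()
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise RejectedMessage("resource record header truncated")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise RejectedMessage("RDATA runs past end of message")
        off += rdlen
        if rtype == TYPE_OPT:
            opt_count += 1
            if opt_count > 1:
                raise RejectedMessage("more than one OPT RR")
            edns_version = (ttl >> 16) & 0xFF   # OPT TTL field: ext-rcode | version | flags
            if edns_version != 0:
                raise RejectedMessage(f"unsupported EDNS version {edns_version}")
        elif rtype not in KNOWN_TYPES:
            unknown_types.add(rtype)
    if off != len(msg):
        raise RejectedMessage("trailing bytes after last record")   # this guard's policy
    return {"id": msg_id, "tc": bool(flags & FLAG_TC), "questions": qd,
            "answers": an, "authority": ns, "additional": ar, "size": len(msg),
            "edns_version": edns_version, "unknown_types": sorted(unknown_types)}


def build_sample_response(edns_version=0, tc=False):
    """Constructed sample: one A answer for example.com plus an OPT RR."""
    flags = 0x8180 | (FLAG_TC if tc else 0)
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, (edns_version & 0xFF) << 16, 0)
    return header + question + answer + opt


if __name__ == "__main__":
    print(guard_doh_response(build_sample_response()))
```

The guard deliberately stops at framing: it does not interpret RDATA, so it cannot be wrong about record semantics, and a legacy parser still does the real work once the message has been shown to be something that parser was built to see.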