Re: [Doh] meta qtypes

Tony Finch <dot@dotat.at> Mon, 19 March 2018 14:24 UTC

Date: Mon, 19 Mar 2018 14:24:50 +0000
From: Tony Finch <dot@dotat.at>
To: Tom Pusateri <pusateri@bangj.com>
cc: Miek Gieben <miek@miek.nl>, Ólafur Guðmundsson <olafur@cloudflare.com>, DoH WG <doh@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/52nWKe1gtT9_8jgX52pjDurARJA>

Tom Pusateri <pusateri@bangj.com> wrote:

> No, please don’t prevent DNS Stateful Operations from working which is
> in Last Call and uses a new Opcode.

The way I would like a DoH proxy to work is to have a pool of
persistent TCP connections from the proxy to the DNS server; the proxy
would then multiplex queries from HTTPS onto the backend TCP connections
with no particular coupling between client TLS connections and backend
TCP connections.

The problem with AXFR is the response is multiple messages, and it takes
over the connection, so it doesn't fit into my proxy model, nor does it
fit into the udpwireformat media type.

Stateful options have a similar problem. Really, the state of the backend
connection belongs to the proxy, not to the https client.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Malin: East, becoming variable 3 or 4, occasionally 5 at first. Slight or
moderate. Fair. Good.
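
The proxy model described in the message above, as an added sketch that is not part of the original e-mail or of any DoH implementation: queries from unrelated HTTPS clients share one backend TCP connection by having their DNS message IDs remapped, and messages that cannot fit a one-request/one-response exchange (AXFR, non-QUERY opcodes) are refused before they reach the pool. The names `classify`, `BackendConn` and `build_query`, and the refusal policy itself, are assumptions made for the illustration.

```python
import struct

QTYPE_AXFR = 252      # zone transfer: the response is a stream of messages
OPCODE_QUERY = 0

def build_query(qid, name, qtype, opcode=OPCODE_QUERY):
    """Build a minimal DNS query in wire format (constructed sample input)."""
    flags = (opcode << 11) | 0x0100                      # RD set, QR clear
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = [l.encode() for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\0"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(wire):
    """Return 'ok' if the message fits one request / one response, else why not."""
    if len(wire) < 12:
        return "short message"
    _, flags, qdcount = struct.unpack("!HHH", wire[:6])
    if flags & 0x8000:
        return "not a query"
    if (flags >> 11) & 0xF != OPCODE_QUERY:
        return "opcode carries connection state"      # state belongs to the proxy
    if qdcount != 1:
        return "expected exactly one question"
    pos = 12
    while wire[pos:pos + 1] not in (b"", b"\0"):      # walk the uncompressed QNAME
        pos += 1 + wire[pos]
    if pos + 5 > len(wire):
        return "truncated question"
    (qtype,) = struct.unpack("!H", wire[pos + 1:pos + 3])
    return "multi-message response" if qtype == QTYPE_AXFR else "ok"

class BackendConn:
    """One pooled backend TCP connection shared by unrelated HTTPS clients."""
    def __init__(self):
        self.next_id, self.inflight = 0, {}
    def forward(self, client, wire):
        if len(self.inflight) >= 0x10000:
            raise RuntimeError("no free message IDs on this connection")
        bid = self.next_id
        while bid in self.inflight:                   # skip IDs still awaiting a reply
            bid = (bid + 1) & 0xFFFF
        self.next_id = (bid + 1) & 0xFFFF
        self.inflight[bid] = (client, wire[:2])       # remember who asked, and their ID
        return struct.pack("!H", bid) + wire[2:]
    def deliver(self, response):
        (bid,) = struct.unpack("!H", response[:2])
        client, orig_id = self.inflight.pop(bid)
        return client, orig_id + response[2:]         # restore the client's own ID
```

A proxy would call `classify` on each request body before `forward`, and answer anything other than `"ok"` with an HTTP error instead of touching the pool.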