Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)

Daniel Stenberg <> Thu, 14 June 2018 08:14 UTC

Date: Thu, 14 Jun 2018 10:14:44 +0200 (CEST)
From: Daniel Stenberg
To: Mukund Sivaraman
cc: Patrick McManus, Ben Schwartz, Petr Špaček, DoH WG

On Thu, 14 Jun 2018, Mukund Sivaraman wrote:

> The switch to DoH at the application layer seems suddenly upon us. I was 
> thinking of DoH just as a fallback transport, but suddenly it seems almost 
> like this is the new way to do DNS queries (a switch).

Users have wanted (and used) "name resolving in the application" layer for a 
long time in various situations. The fact that the standard operating system 
APIs make this hard has never taken away the desire or will for a lot of 
solutions to be able to ask their *preferred* resolvers. Why shouldn't 
applications be able to decide this?

1. DOH doesn't really change this property and 2. there's no DOH support in 
any system name resolver functions yet so there's no way to do DOH other than 
"yourself" at this point.

DOH is just a protocol to deliver DNS data. It can be used in several ways.