Re: [Doh] [Ext] New version: draft-ietf-doh-resolver-associated-doh-03.txt

Paul Hoffman <> Mon, 25 March 2019 15:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B56AE1203CB for <>; Mon, 25 Mar 2019 08:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id l8HESLbaKAVo for <>; Mon, 25 Mar 2019 08:25:49 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EAD561203C5 for <>; Mon, 25 Mar 2019 08:25:48 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1367.3; Mon, 25 Mar 2019 08:25:46 -0700
Received: from ([]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([]) with mapi id 15.00.1367.000; Mon, 25 Mar 2019 08:25:46 -0700
From: Paul Hoffman <>
To: Ralf Weber <>
CC: DoH WG <>
Thread-Topic: [Ext] [Doh] New version: draft-ietf-doh-resolver-associated-doh-03.txt
Thread-Index: AQHU4x8ESCmlJ+SFTkKwlZVf9bBsZQ==
Date: Mon, 25 Mar 2019 15:25:46 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Doh] [Ext] New version: draft-ietf-doh-resolver-associated-doh-03.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Mar 2019 15:25:51 -0000

On Mar 25, 2019, at 4:05 PM, Ralf Weber <> wrote:
> I have some questions after reading -03 (and skipping -02 ;-)
> - The resolver IP addresses returned from DNS on section 4 are these Do53 server addresses or DoH server address or are they just the IP to start the process in section 2 (maybe 3)?

They are the IP addresses of the Do53 resolver that the computer is using. I'll make that clearer in the next draft.

> - On section 3 a non compliant current server will return NXDomain. What are we going to do with this answer (treat is as no DoH associated)?

Yes, that was the intention. I'll clarify that.

>> As for the late discussion of using the URI RRtype instead of TXT, I would not know what to put in the "priority" and "weight" values. That alone seems enough reason to leave this as a TXT record, but others might disagree. It's not a lot of effort to change the text to the URI RRtype, but I don't want to do so unless it is actually better than TXT.
> Another option could be a new RRType, given that it doesn’t have to be provisioned on auth servers it should not be that difficult to roll it out. We still could use the special name or just ask .

I have been told that some OSs have "send a TXT request" API call, but I have not verified that. If so, then TXT records will have an advantage. Otherwise, using a new RRtype is cleaner.

Can someone who from the application implementation world verify or refute my hazy memory of API calls for TXT records?

--Paul Hoffman