To: doh@ietf.org
References: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>
From: nusenu <nusenu-lists@riseup.net>
Openpgp: preference=signencrypt
Message-ID: <631dbbb0-99e4-8828-9451-870b19f0a184@riseup.net>
Date: Thu, 11 Apr 2019 18:17:00 +0000
MIME-Version: 1.0
In-Reply-To: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="FsQfWf6FnUaEzgBLb5YiPfPplW6O2V3zq"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/AJNuHvhTZTNO3Ev9Cif4zOT3eNo>
Subject: Re: [Doh] Dedicated DoH port
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>,
 <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>,
 <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 18:18:04 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FsQfWf6FnUaEzgBLb5YiPfPplW6O2V3zq
Content-Type: multipart/mixed; boundary="AfvnkEs4R21chxzaCjhfgc17Y8kJKu5MQ";
 protected-headers="v1"
From: nusenu <nusenu-lists@riseup.net>
To: doh@ietf.org
Message-ID: <631dbbb0-99e4-8828-9451-870b19f0a184@riseup.net>
Subject: Re: Dedicated DoH port
References: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>
In-Reply-To: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz>

--AfvnkEs4R21chxzaCjhfgc17Y8kJKu5MQ
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable



Tomas Krizek:
> If an admin is already running an https service on the machine, the
> clash with DoH resolver can be quite problematic. In best case scenario,
> the admin runs into an error (not able to bind to port 443 - quite
> cryptical for someone trying to run DNS resolver who's not up to date
> about DoH development).

I assume knot-resolver will not enable DoH by default anyway and so
it is an explicit step by the administrator to enable DoH, right?
In that case the administrator will read your documentation on how
to enable the DoH listener and that could say that it uses HTTPS
and HTTPS is on 443.

> Since there is currently no IANA assigned DoH port, I've filed the
> following user port request with IANA to establish a common default that
> could be used among DNS vendors.
>
> Service Name:         [domain-doh]
> Desired Port Number:  [44353]
> Description:          [DNS query-response protocol over HTTPS]

Since DNS-over-HTTPS is specified to use HTTPS as transport
and 443 has been assigned for HTTPS, I think it would cause more confusion
to assign an additional port since it is still HTTPS.

44353 would be "default DoH port in knot-resolver"
but not "DNS-over-HTTPS" as per RFC8484.

I understand your motivation behind it but I believe
documentation should cover most of the issue and if you really want
to avoid starting if there is something else already binding on
that port you could detect that at startup and refuse to start, no?



-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu


--AfvnkEs4R21chxzaCjhfgc17Y8kJKu5MQ--

--FsQfWf6FnUaEzgBLb5YiPfPplW6O2V3zq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--FsQfWf6FnUaEzgBLb5YiPfPplW6O2V3zq--
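
The startup check suggested at the end of the message above, as an added example that is not part of the original post and not knot-resolver's code: the listener's own bind is classified, so a port 443 clash yields an explanatory refusal instead of a bare bind error. `open_doh_listener` and `DohStartupError` are hypothetical names.

```python
import errno
import socket

DOH_PORT = 443  # RFC 8484 uses HTTPS as transport; 443 is the HTTPS port


class DohStartupError(Exception):
    """Raised when the DoH listener cannot be opened; .reason is machine-readable."""

    def __init__(self, reason, message):
        super().__init__(message)
        self.reason = reason


def open_doh_listener(host, port=DOH_PORT, backlog=128):
    """Bind and listen on host:port, or raise DohStartupError with a clear message.

    The real bind() is the check, so there is no gap between probing the
    port and using it. No SO_REUSEADDR/SO_REUSEPORT is set, so a port
    already held by another service fails the bind.
    """
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(backlog)
    except OSError as exc:
        sock.close()
        where = f"{host}:{port}"
        if exc.errno == errno.EADDRINUSE:
            raise DohStartupError("in_use", (
                f"DoH listener not started: {where} is already bound by another "
                "service. DoH is DNS over HTTPS, so it shares the HTTPS port with "
                "any web server on this address; configure a different address "
                "or port for the DoH listener.")) from exc
        if exc.errno == errno.EACCES:
            raise DohStartupError("denied", (
                f"DoH listener not started: no permission to bind {where}.")) from exc
        raise DohStartupError("error", f"DoH listener not started on {where}: {exc}") from exc
    return sock


if __name__ == "__main__":
    try:
        listener = open_doh_listener("127.0.0.1")
        print("DoH listener bound to", listener.getsockname())
        listener.close()
    except DohStartupError as err:
        print(f"refusing to start ({err.reason}): {err}")
```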

