Re: [Doh] [Ext] Re: Associating a DoH server with a resolver
Martin Thomson <martin.thomson@gmail.com> Wed, 24 October 2018 01:22 UTC
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 24 Oct 2018 12:22:13 +1100
Message-ID: <CABkgnnVgZBp7bqv9u9iBbZAojQqbYAGWG54Ta5JKq_ycvaux1g@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/C_aA1-cql-HvsTIf3Wfy8pqkjD4>

On Wed, Oct 24, 2018 at 12:12 PM Paul Hoffman <paul.hoffman@icann.org> wrote:
> There is no way for an application like a browser to send a query through the OS for anything other than address records. That is, gethostbyname() and its equivalents only pass back address records. Even if an application had its own DNS stack to make queries for other RRtypes, it doesn't have any way to know where to send them to.

Well, resolver-addresses.arpa./IN/A(AAA) might still be useful for that then. That's not ideal, but I believe that there are ways to make queries for other record types that are more available now than perhaps there were in the past (see https://docs.microsoft.com/en-us/windows/desktop/api/windns/nf-windns-dnsquery_a for example).

>> IP-based certificates [...] impossible to deploy in many cases (think of the many resolvers with 1918 addresses, for example).
>
> They don't make it "impossible" by a long shot. Plenty of resolvers, even corporate resolvers, have public addresses.

True, it is probably still possible, but it's not like you can just use ACME to get the certificate. That's "possible" in theory, but I'm looking for practicable.