Re: [Doh] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh

Daniel Stenberg <> Wed, 23 January 2019 14:17 UTC

From: Daniel Stenberg <>
To: Tony Finch <>
cc: Paul Hoffman <>, DoH WG <>

On Wed, 23 Jan 2019, Tony Finch wrote:

> I'm not against them using other servers for off-site names (after all they 
> can usually just use their mobile provider instead) but there should at 
> least be a way for their device to automatically locate a local DNS server 
> with a transport it likes.

In this regard it is truly unfortunate that a user (application) can't tell if a 
name is "local" or "remote" or perhaps which server it should ask for what 

While you want your users to use that local server that you announce to them, 
when I go to my coffee shop or visit a friend of mine I'd rather *not* use 
whatever local server they advertise...

Right now the only way a user can use both local private names as well as 
remote names is by telling one of the resolvers *all* names and hope that it 
fails for the one set it doesn't know of so that the client can switch over 
and use the other server for those names. Not ideal, for privacy reasons and