Re: [Doh] [Ext] a tad confused on response sizes

Andrew Sullivan <> Tue, 05 June 2018 16:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6D21B13110C for <>; Tue, 5 Jun 2018 09:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=ihYP9V+n; dkim=pass (1024-bit key) header.b=UQuBbUUl
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XqP8VsoChXdK for <>; Tue, 5 Jun 2018 09:43:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 31043126CB6 for <>; Tue, 5 Jun 2018 09:43:00 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 96E4BBDEF9 for <>; Tue, 5 Jun 2018 16:42:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1528216949; bh=/Uz/dbjn+tm+WUKkXC2VYEfRnBjbQdkxu6PwRASTWHQ=; h=Date:From:To:Subject:References:In-Reply-To:From; b=ihYP9V+n1QM7zNYmFsVFFUKxKBFddJ/9QxTl70+hd8pvY36gnlYxgodYM3qBoHMPb xmIsIFevVVw/c31A74MBuFZ4y+gKM7XoasRL9aeI01SyZ6KYwOWggZMlreKCAY0bY+ knzwiSNEZKOU7KeVnIyCM0H/fhNe9WiPPi2MYiLY=
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e0nbdP6Rz2Eb for <>; Tue, 5 Jun 2018 16:42:28 +0000 (UTC)
Date: Tue, 5 Jun 2018 12:42:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1528216948; bh=/Uz/dbjn+tm+WUKkXC2VYEfRnBjbQdkxu6PwRASTWHQ=; h=Date:From:To:Subject:References:In-Reply-To:From; b=UQuBbUUlAJYCfrgISxBkZ4lrdhwUA2CRKNrXZvho6eL2dJb7fG8fTbdqqFemlBKw2 vX3DffiIzC/yeG+KMAAASSBy4nQuxNfVCyaFBCdn8rl+DYCCViUzZEruZYvDOHdBLE zjmRysKMvpjEpKMvoSsR9mpIWOdL3KggNuSzHAwA=
From: Andrew Sullivan <>
Message-ID: <>
References: <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [Doh] [Ext] a tad confused on response sizes
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Jun 2018 16:43:02 -0000

On Tue, Jun 05, 2018 at 05:13:36PM +0200, Stephane Bortzmeyer wrote:
> Clearly defined, but certainly not implemented
> everywhere. <vague>Many</vague> resolvers cannot retry over TCP.

Oh, for sure.  But I'm not trying to fault any document for developers
not implementing things :)  I'm just worried that this document
doesn't actually tell anyone what to do if they get such a bit, or if
it does I don't understand it.  (This could well be a failing in me,
please let me emphasise.)

> Practically speaking, for the RFC, what do you suggest? Forbidding TC?
> Then, what would the client do if it still receives one? (The point of
> DoH is to use DNS wire format, so a client has to be ready for
> anything which is legal DNS.)

I wonder whether the TC should be an indicator that the upstream
resolution process got a truncated response and was unable to fetch a
response that was not truncated.  In such a case, the DNS API client
can do whatever it would do in such cases otherwise.  (Some resolvers
in that case throw some kind of error, whereas others will happily
give you the truncated response and let you attempt to go ahead even
if you may well have poison, &c &c.)  I guess I don't have strong
feelings about the right answer, but I want the handling to be clear.


Andrew Sullivan