Re: [Doh] A question on the mix of DNS and HTTP semantics

Patrick McManus <pmcmanus@mozilla.com> Sun, 18 March 2018 12:19 UTC

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Sun, 18 Mar 2018 12:19:10 +0000
To: Tony Finch <dot@dotat.at>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Ted Hardie <ted.ietf@gmail.com>, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/G_s9vGtFrY2drWTK6pbbvK8Te04>

On Sun, Mar 18, 2018 at 11:03 AM, Tony Finch <dot@dotat.at> wrote:

> Patrick McManus <pmcmanus@mozilla.com> wrote:
> >
> Right, that makes sense. Regarding "more than one way to express
> something", the DoH draft describes two fairly specific ways to express a
> DoH request, so it seems to me that it would be right to be equally
> specific about the error cases, as well as the success case.
>

The subtlety here is that the response the DoH client consumes is not
necessarily generated by the DoH server - it might be some other HTTP
server in the chain. For instance, a cache/LB front end like Apache Traffic
Server might, instead of routing directly to the DoH server, send back a
redirect or a 401 or a 5xx if it's just overloaded beyond hope. That's all
valid HTTP behavior in reaction to a valid HTTP request by an entity that
isn't particularly DoH aware (that's the point of using HTTP!) - so you
aren't going to get it to constrain its responses in any way more specific
than HTTP itself requires.
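
An added example, not part of the original message or of the DoH draft: a client-side classifier that treats redirects, 401 and 5xx as HTTP-layer outcomes that any intermediary may produce, and parses a DNS RCODE only from a 2xx response carrying the DoH media type. The function name, the outcome labels and the sample responses are constructed for illustration; `application/dns-message` is the media type registered by RFC 8484.

```python
import struct

DOH_MEDIA_TYPE = "application/dns-message"  # media type from RFC 8484


def classify_doh_response(status, headers, body):
    """Return (layer, detail) for an HTTP response to a DoH request.

    layer is "dns" only when the body can be read as a DNS response;
    every other outcome is an HTTP-level one, possibly produced by a
    cache or load balancer that knows nothing about DoH.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        return ("http", "redirect:" + hdrs.get("location", ""))
    if status in (401, 407):
        return ("http", "auth-required")
    if status == 429 or 500 <= status < 600:
        return ("http", "retry-later:" + hdrs.get("retry-after", ""))
    if not 200 <= status < 300:
        return ("http", "failed:%d" % status)
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != DOH_MEDIA_TYPE:
        # e.g. an HTML error page served with 200 by a front end
        return ("http", "unexpected-content-type:" + ctype)
    if len(body) < 12:  # a DNS header is 12 octets
        return ("http", "truncated-dns-message")
    _msg_id, flags = struct.unpack("!HH", body[:4])
    if not flags & 0x8000:  # QR bit must be set in a response
        return ("http", "not-a-dns-response")
    return ("dns", "rcode:%d" % (flags & 0x000F))


# Constructed sample: DNS header with QR|RD|RA set and RCODE 3 (NXDOMAIN).
NXDOMAIN_HEADER = struct.pack("!HHHHHH", 0, 0x8183, 1, 0, 0, 0)

# Constructed responses: one from a DoH server, three from a front end.
SAMPLES = [
    (200, {"Content-Type": DOH_MEDIA_TYPE}, NXDOMAIN_HEADER),
    (302, {"Location": "https://doh.example.net/dns-query"}, b""),
    (401, {"WWW-Authenticate": "Basic"}, b""),
    (503, {"Retry-After": "30", "Content-Type": "text/html"}, b"<html>"),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, classify_doh_response(status, headers, body))
```

Keeping the HTTP outcome separate from the DNS RCODE means a 5xx from an overloaded front end is never recorded as a DNS answer such as SERVFAIL or NXDOMAIN.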