Re: [Doh] Associating a DoH server with a resolver

Todd Hubers <> Mon, 29 October 2018 09:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BA80C130E36 for <>; Mon, 29 Oct 2018 02:48:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 44ovuoCxucJf for <>; Mon, 29 Oct 2018 02:47:59 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9A24F130E34 for <>; Mon, 29 Oct 2018 02:47:59 -0700 (PDT)
Received: by with SMTP id t10-v6so6664058eds.12 for <>; Mon, 29 Oct 2018 02:47:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T4sGF2x176tcC5hXX8IMkjuZ8njY6zZ7kFDEwMCUZB8=; b=rFqv4Wv2LCg3C+Sum9kUaLo9o/P4Agkl01thU6txwJ0/bgOJNRxBtzwHAfdc/28YYb COPJpAg8ymowTojHwYcER17Jvf3ud+fj8wXWm6kmcM+xzdQp1mDjE+gahQ1qcikYypgc MDQSq0j2iVLJ4mrYErCvxEw5FkgAGl/Gc9Wqe06l+2O0JNnjuePMv9B0AwOlQKq1xjRr TmqX6duZ3+W5309tJKXVyJe2q/5aA0eBJHs6zrpyhxEjHXC1TKM7AWuKEgGVYkW7+MZE L1Wfa+eatToC5j0M8Ogex3rNZwNHoZ6a3Ujw7JXKh3E2hSeQxP6S90+ZLFmyplIoYBL9 xUFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T4sGF2x176tcC5hXX8IMkjuZ8njY6zZ7kFDEwMCUZB8=; b=giL0vt/f1paMwfzTXdQ8n4+fcJ+Repp8QFeOPkHK0ZdHpabIgjSU/Ditb2DcfXqoa+ 9kY/Nl5ItZPULVmIkJu1OVUkaW7QsHxj0DeMARFSa+3Yb82y/WsANmpsGUvIlI6MN83X 5zKmHKYfs2bGCmB3iWA3P9H0fSPXhL0RCNk4YxQIZi/1WreRlYar7zavCwOCy1u11VAl SFWaWmWW9GQ/HJc4tVqAGrH2F/ii4PD0OY2RIZOT5moO6Vp77PM4T19e21svB+l4GVTu ZIk987bkZRWjdi4lTAIVDuXyRX+X2kHm2A12Eor0omQJWk4m4HJbY6m8dbn15ECqvGjp 4lEQ==
X-Gm-Message-State: AGRZ1gKJZfOG40Lm6qQjmN3Viwv/4/95Ef8UVIAcagi3d2Cy7AgWq2ve 8oT4lmcJmBnCle4PH659pjWftLTTnaB9IAnLibrkl5tVwMc=
X-Google-Smtp-Source: AJdET5e/MbZ/Smw5D2cRxQuX8fxUgrHJYDt0ri5QVfr722neiMAXwJjMclMIWELd7kgLt/vItwemsNcrDXtmJEUBUjo=
X-Received: by 2002:a50:9724:: with SMTP id c33-v6mr12781712edb.47.1540806477991; Mon, 29 Oct 2018 02:47:57 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Todd Hubers <>
Date: Mon, 29 Oct 2018 20:47:44 +1100
Message-ID: <>
Content-Type: multipart/alternative; boundary="000000000000c9d3c505795af66f"
Archived-At: <>
Subject: Re: [Doh] Associating a DoH server with a resolver
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Oct 2018 09:48:02 -0000


I have a longterm desire to develop a protocol for recursive service
discovery that works through a hierarchy of nested gateways. Primarily,
this is so applications can be more considerate of user's internet costs,
allowing the querying for information about the ISP service contract
boundaries and usage status; but I also foresee other uses as well. I am
planning to start incubating the idea in the research-working-group nmrg.

While it won't satisfy your needs today (and isn't guaranteed to become a
standard), perhaps you might find this worth your support? I won't go into
detail here and now, but you can find my message here


Todd Hubers

Software Engineer

On Mon, 29 Oct 2018 at 20:30, Kenji Baheux <kenjibaheux=> wrote:

> *Apologies for starting a new thread (maybe), I couldn't find a
> straightforward way of replying to a thread that pre-existed my
> subscription.*
> *tl;dr:* I'm involved with Chrome's DNS over HTTPS effort. While I
> haven't yet read the proposal and I could be missing some important
> context, I support the use case (i.e. facilitating the discovery of DoH
> support from an existing resolver).
> Paul Hoffman said:
> "I would want to hear that [*no browser vendor is interested in ways to
> find the DoH version of a resolver* (paraphrasing)] directly from the
> browser vendors before abandoning this work, particularly because we are
> hearing a lot of interest from organizations who want it."
> I'm involved with Chrome's DNS over HTTPS effort. We are considering a
> behavior where Chrome would identify if the user's existing DNS server
> supports DoH, and if so, then perform an automatic upgrade (TBD: silent or
> with an opt in/out prompt).
> Our short term approach is to have a list of known resolvers that support
> DoH and do the mapping internally. But, in the long run, this doesn't seems
> ideal. Also, for custom resolvers, it seems preferable to have an easy
> configuration path instead of the potentially cumbersome URL scheme +
> POST/GET choice?
> So, while I haven't read the proposal, and it's possible that I'm missing
> important context, I support the use case.
> --
> Kenji BAHEUX
> Product Manager - Chrome
> Google Japan
> _______________________________________________
> Doh mailing list

Todd Hubers