Re: [Doh] [Ext] A question on the mix of DNS and HTTP semantics

Mike Bishop <mbishop@evequefou.be> Mon, 19 March 2018 10:42 UTC

From: Mike Bishop <mbishop@evequefou.be>
To: Paul Hoffman <paul.hoffman@icann.org>, Ted Hardie <ted.ietf@gmail.com>
CC: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/MNypXrIaL59xcKXjDDy1-ZQx4Fg>

There's a reasonable argument that if Content-Type is application/dns-udpwireformat, it should be processed by the DNS client regardless of the HTTP status code.  (And that a 200 with any other Content-Type is an error.)

-----Original Message-----
From: Doh <doh-bounces@ietf.org> On Behalf Of Paul Hoffman
Sent: Monday, March 19, 2018 10:13 AM
To: Ted Hardie <ted.ietf@gmail.com>
Cc: DoH WG <doh@ietf.org>
Subject: Re: [Doh] [Ext] A question on the mix of DNS and HTTP semantics

On Mar 19, 2018, at 9:49 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> The message body may not be able to answer this question completely, but it can clarify at the DNS level that this was REFUSED.  The semantics of that are much closer to 451's meaning than producing no DNS-level response at all (which maps to "query did not complete" if I understand it correctly).

Hopping up one level, I think you are describing a DOH server that inspects queries or responses and chooses to change the HTTP response to use a non-2xx code. That seems fine, but it also seems like you are saying that the DNS response inside that HTTP response should be understood by the client, and in a code-specific way. Is that a fair summary?

--Paul Hoffman
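
The handling rule suggested at the top of this message, sketched as an added example (not code from the thread or from any DoH implementation): the Content-Type decides whether the body is handed to the DNS client, so a 451 that carries a REFUSED answer is still read at the DNS level, and a 200 with any other type is an error. The function names and the sample DNS message are constructed for illustration.

```python
import struct

DNS_MEDIA_TYPE = "application/dns-udpwireformat"  # media type named in the thread
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_dns_header(body: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(body) < 12:
        raise ValueError("body shorter than the 12-byte DNS header")
    msg_id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", body[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: body is a query, not a response")
    rcode = flags & 0x000F
    return {"id": msg_id, "rcode": RCODES.get(rcode, str(rcode)), "answers": an}


def handle_doh_response(status: int, content_type: str, body: bytes) -> dict:
    """Classify an HTTP response by media type first, HTTP status second."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == DNS_MEDIA_TYPE:
        # DNS payload: process it whatever the HTTP status code says.
        try:
            dns = parse_dns_header(body)
        except ValueError as exc:
            return {"outcome": "error", "http_status": status, "reason": str(exc)}
        return {"outcome": "dns", "http_status": status, **dns}
    if status == 200:
        # Success status without a DNS payload is treated as an error.
        return {"outcome": "error", "http_status": status,
                "reason": f"200 with unexpected Content-Type {media_type!r}"}
    # Non-200 and no DNS payload: nothing reaches the DNS layer.
    return {"outcome": "http_failure", "http_status": status}


# Constructed sample: header-only response, QR=1, RD=1, RA=1, RCODE=5 (REFUSED).
REFUSED_MSG = struct.pack("!6H", 0, 0x8185, 0, 0, 0, 0)

if __name__ == "__main__":
    print(handle_doh_response(451, DNS_MEDIA_TYPE, REFUSED_MSG))
    print(handle_doh_response(200, "text/html; charset=utf-8", b"<html></html>"))
    print(handle_doh_response(451, "text/html", b""))
```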