Re: [Doh] operational considerations

Jim Reid <jim@rfc1035.com> Mon, 20 November 2017 22:01 UTC

From: Jim Reid <jim@rfc1035.com>
Date: Mon, 20 Nov 2017 22:01:10 +0000
Cc: Eliot Lear <lear@cisco.com>, DoH Working Group <doh@ietf.org>
To: Patrick McManus <pmcmanus@mozilla.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/NqUR2R-do0N1o2zDAH1jA08YKKc>

> On 20 Nov 2017, at 21:44, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
> "Different DNS servers may provide different results to the same query. It logically follows that the server which is consulted influences the end result. Split-horizon DNS [RFC6950] is a specific example of this approach where the answers are derived from the source of the query. If a client selects a server that is unanticipated by this style of algorithm the response may not be correct."

I don’t like this. Sorry. “Correct” is not the correct word to use here. I might query a split DNS server (or whatever) and get what would be the correct response for me. But if you queried that server, the answer could be wrong for you. But only you. “Algorithm” doesn’t seem right either since algorithms are not necessarily involved in determining what response a server returns. Algorithm kind of implies some sort of response rewriting and while that does happen, it’s not the only way that a server might return different answers.

Let’s simplify further. How about:

Local policy considerations and similar factors mean different DNS servers may provide different results to the same query: for instance in split DNS configurations [RFC6950]. It logically follows that the server which is queried can influence the end result. Therefore a client’s choice of resolving server may affect the responses it gets to its queries.
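As an added illustration of the split-horizon behaviour the proposed text describes (example code, not part of this thread or of any draft; the views, zone data, names and addresses are constructed), this models a server whose answer depends on the query source, so a client that reaches it through a different resolver sees different data:

```python
# Added example (not from the original thread): a toy split-horizon server.
# Names, addresses and zone contents are constructed for illustration only.
import ipaddress

# Each "view" pairs a BIND-style match-clients list with its own zone data.
# Constructed: internal clients get RFC 1918 addresses and can see intranet
# names; the external view only knows the public-facing name.
VIEWS = [
    {"name": "internal",
     "match_clients": [ipaddress.ip_network("10.0.0.0/8")],
     "zone": {"www.example.test": "10.1.2.3",
              "intranet.example.test": "10.1.2.4"}},
    {"name": "external",
     "match_clients": [ipaddress.ip_network("0.0.0.0/0")],
     "zone": {"www.example.test": "203.0.113.10"}},
]


def select_view(source_ip):
    """Pick the first view whose match-clients list covers the query source,
    mirroring how a split-horizon server chooses which data set to answer from."""
    src = ipaddress.ip_address(source_ip)
    for view in VIEWS:
        if any(src in net for net in view["match_clients"]):
            return view
    raise LookupError("no view matches " + source_ip)


def resolve(name, source_ip):
    """Answer NAME as seen from SOURCE_IP; None models NXDOMAIN."""
    return select_view(source_ip)["zone"].get(name)


def divergent_names(names, local_source, remote_source):
    """Operator-side check: which names would a LAN client (local_source) see
    differently if its query instead reached the server from remote_source,
    e.g. because it switched to an external resolver?  Returns
    {name: (answer_via_local_path, answer_via_remote_path)} for each mismatch."""
    out = {}
    for n in names:
        a, b = resolve(n, local_source), resolve(n, remote_source)
        if a != b:
            out[n] = (a, b)
    return out
```

Running `divergent_names` over the names an organisation cares about is one way to see in advance which answers change when clients pick a resolver the split-horizon configuration did not anticipate.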