Re: [Doh] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh

Tony Finch <> Wed, 23 January 2019 13:23 UTC

Date: Wed, 23 Jan 2019 13:23:41 +0000
From: Tony Finch <>
To: Daniel Stenberg <>
cc: Paul Hoffman <>, DoH WG <>

Daniel Stenberg <> wrote:
> For me, one of the key elements and features with DoH is that I as a user have
> picked a DNS provider I decide to trust. Be it a global CDN provider or my own
> cloud instance. Any other way, with the ISP or my local network admins telling
> me what server to use, is a major setback in my view.

As a University DNS admin, I provide DoH to my users so that they can do
interesting things with it. I'm not going to provide DoH to the world
because it would cost too much effort. And people on our network
ultimately have to use my servers because of all our private names and
addresses. I'm not against them using other servers for off-site names
(after all they can usually just use their mobile provider instead) but
there should at least be a way for their device to automatically locate a
local DNS server with a transport it likes.

f.anthony.n.finch  <>
each generation is responsible for the fate of our planet