Re: [Doh] No truncation for DNS over HTTPS

manu tman <chantr4@gmail.com> Thu, 22 March 2018 13:28 UTC

To: Ray Bellis <ray@bellis.me.uk>
Cc: doh@ietf.org
List-Id: DNS Over HTTPS <doh.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/PJMKpUFEZFGJbHrkbZv2hOk4F8E>

edit: fixing autocorrect....

There is not much the client can be doing with the TC bit here, right? I
mean, it is using TCP already. When proxying, IMO the proxy should be aware
of the TC bit and retry over TCP when it happens.
The client does not need to be aware of that. There would need to be some
involvement from the proxy in not just passing around a packet, but
actually introspecting it a bit and making accurate decisions when this happens.

Manu

On Thu, Mar 22, 2018 at 10:31 AM, manu tman <chantr4@gmail.com> wrote:

>
> On Thu, Mar 22, 2018 at 10:24 AM Ray Bellis <ray@bellis.me.uk> wrote:
>
>> On 22/03/2018 09:20, Davey Song wrote:
>>
>> > Although the dns-udpwireformat MIME type was defined, the DNS wireformat
>> > data should not be treated as a datagram encapsulated in an HTTPS header
>> > but a new byte stream over HTTPS (similar to DNS TCP usage). No
>> > truncation loop is needed. People may take it for granted, but it
>> > should be explicitly mentioned in this draft.
>>
>> If the DNS API Server is proxying between DOH and a real UDP DNS server
>> then the UDP DNS server might still set the TC bit and the proxy could
>> return that, so the client may still have to cope with +TC.
>>
>> The alternative is that the proxy has to have sufficient smarts to
>> recognise the returned +TC and re-issue the request over TCP to the
>> backend DNS server.
>
>
> There is not much the client can be doing with the TC but here right. I
> mean it is using tcp already. When producing, IMO the proxy should be aware
> of the TC bit and retry over TCP when it happens.
> Manu
>
>>
>>
>> Ray
>
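The proxy-side handling Ray and Manu describe, as an added Python example that is not from the thread or any DoH implementation: the DoH server checks the TC bit on the UDP backend's answer and re-issues the same query over TCP (with the two-byte length prefix) before replying to the HTTP client, so the client never has to cope with +TC. The transports (`udp_send`, `tcp_send`) and the fake backend are constructed stand-ins.

```python
import struct

# DNS header flags (RFC 1035, bytes 2-3 of the 12-byte header); TC = truncated.
TC_FLAG = 0x0200

def tc_set(msg: bytes) -> bool:
    """True if the DNS message has its TC bit set."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    (flags,) = struct.unpack("!H", msg[2:4])
    return bool(flags & TC_FLAG)

def tcp_frame(msg: bytes) -> bytes:
    """DNS-over-TCP framing: two-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(data: bytes) -> bytes:
    (n,) = struct.unpack("!H", data[:2])
    body = data[2:2 + n]
    if len(body) != n:
        raise ValueError("short DNS-over-TCP frame")
    return body

def proxy_resolve(query: bytes, udp_send, tcp_send) -> bytes:
    """DoH server in front of a UDP backend: try UDP first; on +TC re-issue
    the query over TCP and hand back the complete answer. udp_send/tcp_send
    are hypothetical injected transports (bytes -> bytes)."""
    reply = udp_send(query)
    if not tc_set(reply):
        return reply
    full = tcp_unframe(tcp_send(tcp_frame(query)))
    if tc_set(full):
        raise RuntimeError("backend truncated the answer even over TCP")
    return full

# --- constructed fake backend so the example runs offline -------------------
def make_header(msg_id: int, flags: int, qd: int = 1, an: int = 0) -> bytes:
    return struct.pack("!HHHHHH", msg_id, flags, qd, an, 0, 0)

QUERY = make_header(0x1234, 0x0100) + b"\x07example\x03com\x00\x00\x01\x00\x01"
TRUNCATED = make_header(0x1234, 0x8380)                   # QR+TC+RD+RA, no RRs
FULL = make_header(0x1234, 0x8180, an=1) + b"\x00" * 20   # QR+RD+RA, placeholder RR bytes

def fake_udp(q: bytes) -> bytes:       # UDP backend: answer too big, sets TC
    return TRUNCATED

def fake_tcp(framed: bytes) -> bytes:  # TCP backend: same question, full answer
    assert tcp_unframe(framed) == QUERY
    return tcp_frame(FULL)

if __name__ == "__main__":
    print(tc_set(proxy_resolve(QUERY, fake_udp, fake_tcp)))  # False
```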