Re: [Doh] meta-types, was Re: Proposal to close off these threads

Tony Finch <dot@dotat.at> Wed, 13 June 2018 13:28 UTC

Date: Wed, 13 Jun 2018 14:28:46 +0100
From: Tony Finch <dot@dotat.at>
To: Patrick McManus <pmcmanus@mozilla.com>
cc: Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/V8inT7O54R0dMO9u-fc-zlaNWZE>

Patrick McManus <pmcmanus@mozilla.com> wrote:
>
> I would just argue that the situation you are describing is a HTTP error,
> not a DNS one. Let's assume a response that requires multiple messages -
> you've got that information at the DNS layer, you just can't encode
> transport it at the HTTP layer using a media type the client can
> understand. So that's an http level failure.

The reason I think it's a DNS-level error is that AXFR and IXFR are just
examples of the more general problem of query meta-types.

The DNS machinery needs special-case code to handle a meta-type: if it's a
proxy it won't (in general) be able to parse the response it gets from
upstream; if it's an integrated DoH server, it won't even know how to
begin generating a response. So the problem occurs at DNS query dispatch
time, well before it gets to the point of thinking about rendering the
response for HTTP.

My code looks at the qtype and generates a DNS error if it is an unknown
meta-type (128 <= qtype <= 254).

There are similar considerations for DNS opcodes.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
promote human rights and open government
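
The dispatch-time check described in the message above, as an added example that is not Tony Finch's code or part of the original message. It rejects unhandled meta-types (128 <= qtype <= 254) and, following the remark about opcodes, non-QUERY opcodes before any response is rendered for HTTP. Assumptions: the error is NOTIMP, no meta-type is special-cased, and all function names and sample queries are constructed for illustration.

```python
import struct

# Assumptions of this example, not taken from the message: the error rcode is
# NOTIMP, only opcode QUERY is served, and no meta-type is special-cased.
NOTIMP = 4
OPCODE_QUERY = 0
HANDLED_META_TYPES = frozenset()

def error_response(qid, flags, question=b""):
    """Header with QR=1, opcode and RD echoed, rcode NOTIMP, no records."""
    rflags = 0x8000 | (flags & 0x7900) | NOTIMP
    return struct.pack("!HHHHHH", qid, rflags, 1 if question else 0, 0, 0, 0) + question

def question_end_and_qtype(msg):
    """Walk the uncompressed QNAME at offset 12; return (end offset, qtype)."""
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated qname")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return pos + 4, struct.unpack("!H", msg[pos:pos + 2])[0]

def dispatch(msg):
    """Return an error response, or None when normal query handling may proceed."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if (flags >> 11) & 0xF != OPCODE_QUERY:
        return error_response(qid, flags)   # rejected before reading the question
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    end, qtype = question_end_and_qtype(msg)
    if 128 <= qtype <= 254 and qtype not in HANDLED_META_TYPES:
        return error_response(qid, flags, msg[12:end])
    return None

def make_query(qtype, opcode=OPCODE_QUERY):
    """Constructed sample: ID 0x1234, RD set, example.com, class IN."""
    header = struct.pack("!HHHHHH", 0x1234, (opcode << 11) | 0x0100, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", qtype, 1)
```

A DoH front end would call `dispatch()` on the decoded request body and send any non-None result back as the DNS message, so the refusal happens before the proxy or integrated server has to parse or generate a meta-type response.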