Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)

Sara Dickinson <> Thu, 14 June 2018 14:38 UTC

From: Sara Dickinson <>
Date: Thu, 14 Jun 2018 15:38:32 +0100
Cc: DoH WG <>
To: Daniel Stenberg <>
Subject: Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)

> On 14 Jun 2018, at 15:09, Daniel Stenberg <> wrote:
> On Thu, 14 Jun 2018, Sara Dickinson wrote:
>> I’m not saying there is a right or wrong model here, just that there are more concerns than simply what the application prefers.
> Sure. And I'm saying they already existed since long before and are independent of DOH.

I don't disagree (note I did not mention DoH at all in my response). I was replying to the generic question “Why shouldn’t applications be able to decide to use their own preferred resolvers?”

But it is also true to say that prior to DoH, applications that made that choice were the _exception_ and not the norm, whereas it seems highly likely that many applications (and most browsers) will soon all choose to perform DoH themselves, making this new model a reality that has to be addressed. That fundamentally shifts the role of DNS and DHCP within the end user device infrastructure and raises questions about the concept of implicit choice of DNS resolver (e.g. the network resolver vs the application resolver).

The observation here is that this shift is being directly driven today by applications wanting to use DoH to their preferred resolver for a variety of reasons, not by (for example) operating systems, enterprises, ISPs, end users or the DNS community.