Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)

Paul Hoffman <> Thu, 14 June 2018 15:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AD138130E62 for <>; Thu, 14 Jun 2018 08:22:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kY8-5XZFwAuh for <>; Thu, 14 Jun 2018 08:22:36 -0700 (PDT)
Received: from (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B1C7E130E45 for <>; Thu, 14 Jun 2018 08:22:36 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1367.3; Thu, 14 Jun 2018 08:22:34 -0700
Received: from ([]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([]) with mapi id 15.00.1367.000; Thu, 14 Jun 2018 08:22:34 -0700
From: Paul Hoffman <>
To: DoH WG <>
Thread-Topic: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)
Date: Thu, 14 Jun 2018 15:22:33 +0000
Message-ID: <>
References: <> <> <> <> <> <20180613192030.GA2792@jurassic> <> <20180613205637.GA23215@jurassic> <> <20180614042217.GA25915@jurassic> <20180614044113.GA27115@jurassic> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Jun 2018 15:22:38 -0000

There were a bunch of DoH implementations at the last IETF Hackathon. The fact that two of these implementations are getting early publicity is not indicative of a trend.

On Jun 14, 2018, at 7:38 AM, Sara Dickinson <>; wrote:
> The observation here is that this shift is being directly driven today by applications wanting to use DoH to their preferred resolver

It is one implementation of one application, not "applications". And Mozilla has not said if they want to use a preferred resolver or are just doing that now so that they can get better measurements about whether or not they want to deploy DoH at all. If Mozilla (or Chrome, or Edge, or ...) turns DoH into a way in the long term to force a lot of DNS traffic to just one preferred resolver, they will rightly suffer people moving away from them. It's pretty trivial to detect this type of behavior.

> for a variety of reasons, not by (for example) operating systems, enterprises, ISPs, end users or the DNS community. 

There was clearly interest in DoH for operating system use (by Stubby). Enterprises have indeed indicated they are interested in DoH to avoid redirecting of their traffic by intermediaries. We haven't heard from ISPs or end users, but we *certainly* have heard interest on this list from the DNS community.

--Paul Hoffman