Re: [Doh] DNS Camel thoughts: TC and message size

Benno Overeinder <benno@NLnetLabs.nl> Wed, 06 June 2018 21:22 UTC

To: doh@ietf.org
References: <20180606093212.GA23880@server.ds9a.nl> <alpine.DEB.2.11.1806061501340.10764@grey.csi.cam.ac.uk> <35969d8d-c64d-86a6-9edb-0bbe8f2863d6@nic.cz>
From: Benno Overeinder <benno@NLnetLabs.nl>
Message-ID: <b4171f35-2ed6-8477-768e-eaf06b6c9d7f@NLnetLabs.nl>
Date: Wed, 06 Jun 2018 23:22:43 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/diXd7kcCHplSl7qr7hWHT4BcRmU>
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>

On 06/06/2018 16:21, Petr Špaček wrote:
> On 6.6.2018 16:18, Tony Finch wrote:
>> bert hubert <bert.hubert@powerdns.com> wrote:
>>>
>>> So, the DNS Camel has a suggestion. Specify that DNS messages carried
>>> over DOH can be up to 65536 bytes large and note that truncation should
>>> be handled as if the response was carried over TCP/53.
>>>
>>> Effectively this means that a TC response over DOH is almost always
>>> useless, but this is no loss of functionality since it did not work
>>> over TCP/IP either. We've not made anything worse here.
>>>
>>> And in general this is what I hope that DOH will restrict itself to:
>>> provide access to the DNS protocol over HTTPS and not change DNS
>>> itself.
>>
>> Full agreement, and with the rest of your message. Thanks for writing it
>> so that I didn't have to!
>>
>> I think the semantics of a DNS message transported over HTTPS should be
>> the same as for DNS-over-TCP, wrt truncation, EDNS buffer sizes, and so
>> forth.
> 
> I totally agree with Bert and Tony, thank you for an excellent summary!

Thank you for the clear write-up, Bert.  Like Tony and Petr, I fully
agree with your message.

-- Benno


-- 
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
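The rule the thread converges on (a DNS message over DoH is handled exactly as if it had arrived over TCP/53, with the same ceiling on message size and the same meaning for the TC bit) is easy to state and easy to get wrong in a client. The following is an added example, not code from the thread or from any of the participants' resolvers. It shows the transport-aware decision a stub or forwarder has to make when a response comes back with TC=1: over UDP the answer is to retry over TCP, over TCP or DoH the truncated response is final. It assumes a 65535-byte ceiling for stream transports (the largest value a two-byte TCP length prefix can carry; the thread quotes 65536) and a constructed 1232-byte UDP buffer size; the message builder and the sample responses are constructed inline so it runs offline.

```python
"""Transport-aware handling of the DNS TC (truncation) bit.

Added example for the DoH thread, not code from the thread itself.
Policy implemented: a message carried over DoH is treated like one
carried over TCP/53, so TC=1 over DoH is final and never triggers a
retry over a different transport.
"""
import struct
from enum import Enum

# DNS wire header (RFC 1035 4.1.1): ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")
FLAG_QR = 0x8000
FLAG_TC = 0x0200
FLAG_RD = 0x0100
FLAG_RA = 0x0080

# Largest message a two-byte TCP length prefix can carry (assumption:
# the same ceiling is applied to DoH, as the thread proposes).
MAX_STREAM_MESSAGE = 65535


class Transport(Enum):
    UDP = "udp"
    TCP = "tcp"
    DOH = "doh"


class Action(Enum):
    ACCEPT = "accept"                # use the response
    RETRY_TCP = "retry-over-tcp"     # UDP truncation: re-ask over TCP
    FAIL = "truncated-final"         # stream truncation: nothing to retry
    REJECT = "reject"                # malformed or oversized


def build_response(qid, tc=False, rcode=0, qname=b"example.com"):
    """Construct a minimal DNS response: QR=1, one question, no answers.

    Constructed sample data for the example; no records are attached.
    """
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if tc else 0) | (rcode & 0xF)
    hdr = HEADER.pack(qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l for l in qname.split(b"."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return hdr + question


def parse_header(msg):
    """Decode the 12-byte header into the fields this policy needs."""
    if len(msg) < HEADER.size:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    return {
        "id": qid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0xF,
        "qdcount": qd,
        "ancount": an,
    }


def frame_for_tcp(msg):
    """Add the two-byte length prefix used on TCP/53 (RFC 1035 4.2.2).

    DoH carries the same bytes as the HTTP body without this prefix.
    """
    if len(msg) > MAX_STREAM_MESSAGE:
        raise ValueError("message too large for a two-byte length prefix")
    return struct.pack("!H", len(msg)) + msg


def handle_response(msg, transport, udp_bufsize=1232):
    """Decide what a client does with a response received on `transport`.

    udp_bufsize is the EDNS buffer size the client advertised (constructed
    default). TCP and DoH share one rule: size capped at MAX_STREAM_MESSAGE
    and TC=1 is final, never a reason to re-query elsewhere.
    """
    limit = udp_bufsize if transport is Transport.UDP else MAX_STREAM_MESSAGE
    if len(msg) > limit:
        return Action.REJECT
    try:
        h = parse_header(msg)
    except ValueError:
        return Action.REJECT
    if not h["qr"]:
        return Action.REJECT  # a query, not a response
    if h["tc"]:
        return Action.RETRY_TCP if transport is Transport.UDP else Action.FAIL
    return Action.ACCEPT


if __name__ == "__main__":
    for t in Transport:
        print(t.value, handle_response(build_response(7, tc=True), t).value)
```

The point of keeping one code path for TCP and DoH is that a client which, on seeing TC=1 over DoH, fell back to a retry over plain TCP/53 would be changing DNS semantics exactly the way the thread argues DoH should not, and would be sending the query over a transport other than the one the user configured.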