Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)
Puneet Sood <puneets@google.com> Thu, 14 June 2018 20:01 UTC
From: Puneet Sood <puneets@google.com>
Date: Thu, 14 Jun 2018 16:00:43 -0400
Message-ID: <CA+9_gVuGY8GLf+R4FONit9hweoEEFXOnh9WRVY_5Q5bbQi7bLQ@mail.gmail.com>
To: doh@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/m7TaeRbFhlIJx3T6EJ9RQqr88yw>
Subject: Re: [Doh] [Ext] Are we missing an architecture? (was Re: DNS Camel thoughts: TC and message size)
New to the list, quoting the relevant message manually (https://www.ietf.org/mail-archive/web/doh/current/msg00743.html).

Dave Lawrence wrote:

> I believe that makes not imposing a 64k limit on DNS fall within the
> bounds of the charter. In fact, I could make a case that it goes
> right to the first paragraph:
>
> This working group will standardize encodings for DNS queries and
> responses that are suitable for use in HTTPS. This will enable the
> domain name system to function over certain paths where existing DNS
> methods (UDP, TLS [RFC 7857], and DTLS [RFC 8094]) experience
> problems.
>
> ... in addressing cases where existing methods experience problems.
> I'm not going to get too hung up on rules-lawyering that argument
> though, it's a sideshow.
>
> Per our out-of-band conversation, I will later this week (new $dayjob
> intrudes) be offering text for the proposal I made in another message
> about using two mandatory-to-implement media types right out of the
> gate, differing only in that one has a Content-Length limit.
> Implementers can then choose to make it plainly explicit that they
> are sticking to legacy TCP limits.

Having two distinct media types (one with the limit, one without) will allow a doh server to determine if a larger response is safe to send and respond accordingly. So I am in favor of your proposal to define two media types.

The RFC should not mandate length limits for media types other than the existing wire format media type. That should be entirely up to the specification of the new media types. Barring a clear indication in the client request, a doh server should conservatively limit responses to 64K for the existing wire format media type.

Reading draft 10 section 6.1, I do not see any text addressing interaction of the message size with the cache behavior in a recursive resolver. This is mostly theoretical right now because the transports (UDP, TCP) between recursive and authoritative servers are constrained by the 64K limit.

However when recursive resolvers start receiving > 64K responses, this will need to be addressed. Couple of points:

1. Will a caching resolver be expected to cache very large responses? An implementation may decide to put an upper limit on the size of a message it will cache.

2. Will a caching resolver need to cache different answers corresponding to the 64K limit and the "unlimited" case?

-Puneet
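The server-side policy sketched in the message above (apply the 64K ceiling only to the existing wire-format media type, and let the client opt into a larger response by offering a second media type), as an added example that is not code from the thread or from any DoH implementation. The name of the unlimited media type (`application/x-dns-message-large`) is a placeholder, since the draft text discussed here never named one; when the ceiling is hit the server truncates to header plus question and sets TC, the standard RFC 1035 signal that the client must retry another way.

```python
import struct

WIRE_FORMAT = "application/dns-message"           # existing type, 64K-limited
LARGE_FORMAT = "application/x-dns-message-large"  # placeholder for the unlimited type
LEGACY_LIMIT = 65535  # largest DNS message a 2-byte TCP length prefix can carry
TC_FLAG = 0x0200      # TrunCation bit in the DNS header flags word


def negotiate_media_type(accept_header):
    """Pick the unlimited type only if the client explicitly offered it."""
    offered = {t.split(";")[0].strip() for t in accept_header.split(",")}
    return LARGE_FORMAT if LARGE_FORMAT in offered else WIRE_FORMAT


def _question_end(msg):
    """Offset just past the question section of a wire-format message."""
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    off = 12  # fixed-size header
    for _ in range(qdcount):
        while True:  # walk the labels of QNAME up to the root label
            ln = msg[off]
            off += 1
            if ln == 0:
                break
            if ln & 0xC0:  # compression pointer: two bytes, ends the name
                off += 1
                break
            off += ln
        off += 4  # QTYPE + QCLASS
    return off


def truncate_response(msg):
    """Keep header + question, zero AN/NS/AR counts and set TC (RFC 1035 4.1.1)."""
    end = _question_end(msg)
    flags = struct.unpack_from("!H", msg, 2)[0] | TC_FLAG
    header = msg[:2] + struct.pack("!H", flags) + msg[4:6] + b"\x00" * 6
    return header + msg[12:end]


def prepare_response(accept_header, full_response):
    """Return (content_type, body) honouring the per-media-type size limit."""
    media_type = negotiate_media_type(accept_header)
    if media_type == WIRE_FORMAT and len(full_response) > LEGACY_LIMIT:
        return media_type, truncate_response(full_response)
    return media_type, full_response
```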