[Doh] Dedicated DoH port
Tomas Krizek <tomas.krizek@nic.cz> Thu, 11 April 2019 17:41 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/pP_zlnt0AhjXQAn7DJwegoZBTfs>
Disclaimer: I don't advocate the use of a dedicated DoH port rather than using port 443 for most DoH traffic. I'm simply trying to establish reasonable defaults as a software developer and packager.

Knot Resolver will use 44353 as the default port for DoH.

We've considered using port 443 by default, but it presents many challenges. If an admin is already running an https service on the machine, the clash with the DoH resolver can be quite problematic. In the best case scenario, the admin runs into an error (not able to bind to port 443 - quite cryptical for someone trying to run a DNS resolver who's not up to date about DoH development). In a worse case scenario, the DoH service might actually seem to successfully start and run alongside the unrelated https service (e.g. when both services use systemd socket activation with ReusePort=true - basically SO_REUSEPORT under systemd).

Those who know what they're doing will have no issues configuring their DoH service to run on port 443. However, I think it's reasonable to use a different, dedicated port as the DoH default for packaging, documentation etc.

Since there is currently no IANA assigned DoH port, I've filed the following user port request with IANA to establish a common default that could be used among DNS vendors.

Service Name: [domain-doh]
Desired Port Number: [44353]
Description: [DNS query-response protocol over HTTPS]

--
Tomas Krizek

PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
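The SO_REUSEPORT case described in the message above, reproduced as an added example (not part of the original e-mail and not Knot Resolver code). It assumes Linux, uses a kernel-chosen loopback port in place of 443, and the names "web" and "doh" are stand-ins for the two unrelated services. Without the option the second bind fails with EADDRINUSE; with it both listeners start and the kernel divides incoming connections between them.

```python
import errno
import select
import socket

def listener(port=0, reuseport=False):
    """TCP listener on 127.0.0.1; port 0 lets the kernel choose a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuseport:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind(("127.0.0.1", port))
    s.listen(64)
    return s

def second_bind_error(reuseport):
    """Bind a second listener to a port already in use; return errno name or None."""
    first = listener(reuseport=reuseport)
    try:
        listener(first.getsockname()[1], reuseport=reuseport).close()
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno)
    finally:
        first.close()

def accept_split(connections=40):
    """Connect `connections` clients to the shared port; count accepts per listener."""
    web = listener(reuseport=True)        # stand-in: existing HTTPS service
    port = web.getsockname()[1]
    doh = listener(port, reuseport=True)  # stand-in: DoH resolver, same port
    names = {web: "web", doh: "doh"}
    counts = {"web": 0, "doh": 0}
    clients = []
    try:
        for _ in range(connections):
            clients.append(socket.create_connection(("127.0.0.1", port), timeout=2))
        while sum(counts.values()) < connections:
            ready, _, _ = select.select([web, doh], [], [], 2)
            if not ready:
                break                     # nothing left queued on either listener
            for s in ready:
                conn, _ = s.accept()
                conn.close()
                counts[names[s]] += 1
    finally:
        for s in clients + [web, doh]:
            s.close()
    return counts

if __name__ == "__main__":
    print("second bind, no SO_REUSEPORT:", second_bind_error(False))
    print("second bind, SO_REUSEPORT:   ", second_bind_error(True))
    print("accepted per listener:       ", accept_split())
```

On Linux the shared bind only succeeds when every socket on the port sets SO_REUSEPORT and they share an effective UID, which is the situation when systemd itself opens both sockets for activation.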