Re: [Doh] Dedicated DoH port

Ben Schwartz <bemasc@google.com> Thu, 11 April 2019 18:21 UTC

References: <d74add8f-8964-1c0f-cd2e-f10867390883@nic.cz> <472EC8F4-A610-4FF1-825B-2427AEE31F25@rfc1035.com>
In-Reply-To: <472EC8F4-A610-4FF1-825B-2427AEE31F25@rfc1035.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 11 Apr 2019 14:21:40 -0400
Message-ID: <CAHbrMsBw-zkrGm4Byk3Z2yNxgzaO_dKN-czbbGK-No+0JSWh4Q@mail.gmail.com>
To: Jim Reid <jim@rfc1035.com>
Cc: Tomas Krizek <tomas.krizek@nic.cz>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/tC5448HdVD3yBjjj_rSrp6p5rP4>
Subject: Re: [Doh] Dedicated DoH port

Tomas, as you know, DNS-over-HTTPS is an HTTP service, identified by a
unique path.  HTTP is designed to multiplex multiple services on different
paths, sharing the same port.

Rather than choose a fixed port from the ephemeral range (which may already
be in use if you are sufficiently unlucky), I recommend using 443 as the
default for users who do not want multiplexing, and implementing FastCGI
support for users who want to operate their own HTTPS frontend.  This would
give you compatibility with essentially all common HTTPS frontend servers:
https://en.wikipedia.org/wiki/FastCGI#Web_servers_that_implement_it.

On Thu, Apr 11, 2019 at 2:11 PM Jim Reid <jim@rfc1035.com> wrote:

>
>
> > On 11 Apr 2019, at 18:41, Tomas Krizek <tomas.krizek@nic.cz> wrote:
> >
> > Since there is currently no IANA assigned DoH port, I've filed the
> > following user port request with IANA to establish a common default that
> > could be used among DNS vendors.
> >
> > Service Name:         [domain-doh]
> > Desired Port Number:  [44353]
> > Description:          [DNS query-response protocol over HTTPS]
>
> This seems a bit hasty. Perhaps there should be an I-D or RFC first?
> Allocating a port number from the well-known range might be a wiser choice
> than arbitrarily choosing 44353.
>
> I'm not sure it's a good idea to allocate a port number just so someone
> can run a web server and DoH-capable DNS server on the same box. That's
> unlikely to be a common use case. Besides, the web server could just
> forward inbound DoH queries to port 53 over the loopback interface. Or
> something like that.
>
> Another solution might be to update the current discovery draft to include
> an (optional?) port number as well as the IP address to use for DoH service.
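An added example (not from this thread or from any of the participants) of what "an HTTP service identified by a unique path" means for a DoH client: the RFC 8484 GET form carries the wire-format query in the `dns` parameter of a URI template, and the port comes from the https scheme (443 unless the URI says otherwise), so the service is located by host and path, not by a DNS-specific port. The template host names below are constructed placeholders.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_CONTENT_TYPE = "application/dns-message"  # media type defined by RFC 8484


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query: 12-byte header plus one question (RFC 1035).
    RFC 8484 recommends DNS ID 0 so identical queries yield identical URLs
    that HTTP caches can match."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def doh_get_request(uri_template: str, query: bytes) -> dict:
    """Expand an RFC 8484 URI template of the form https://host[:port]/path{?dns}
    (only the {?dns} variable is handled here) and return what a client needs
    to send the GET. The dns value is base64url without padding."""
    dns_param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    url = uri_template.replace("{?dns}", "?dns=" + dns_param)
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("DoH is defined over https only")
    return {
        "method": "GET",
        "host": parts.hostname,
        "port": parts.port or 443,  # default comes from the scheme, not from DNS
        "path": parts.path,         # this is what distinguishes DoH from other services
        "url": url,
        "headers": {"Accept": DOH_CONTENT_TYPE},
    }


def decode_dns_param(url: str) -> bytes:
    """Server side of the same exchange: recover the wire-format query from the
    dns parameter, restoring the base64 padding the client stripped."""
    value = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


if __name__ == "__main__":
    q = build_dns_query("example.com")
    shared = doh_get_request("https://dns.example.net/dns-query{?dns}", q)
    dedicated = doh_get_request("https://dns.example.net:44353/dns-query{?dns}", q)
    print(shared["port"], shared["path"])        # 443 /dns-query
    print(dedicated["port"], dedicated["path"])  # 44353 /dns-query
    assert decode_dns_param(shared["url"]) == q
```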