Re: [Doh] special meta QTYPEs

Ben Schwartz <bemasc@google.com> Thu, 07 June 2018 10:30 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Thu, 7 Jun 2018 12:29:59 +0200
Message-ID: <CAHbrMsCM2OU3C=1iKwMA6dV6hGFhqTiAkGSLRsxoayUc1HhYWA@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/uej6lHnbkHma3x3NvrC0RShKEDk>
Subject: Re: [Doh] special meta QTYPEs

On Wed, Jun 6, 2018 at 4:50 PM Tony Finch <dot@dotat.at> wrote:

> I think there needs to be some specific wording about query meta-types
> (i.e. 128 <= QTYPE <= 255).
>
> Meta-types can change the framing rules of the response, e.g. IXFR and
> AXFR, so a DoH server needs to understand them even if it is implemented
> as a mostly-blind proxy.
>
> My DoH implementation generates its own NOTIMP response if it gets a query
> with 128 <= QTYPE <= 254 (it allows QTYPE=*/ANY). The other meta type is
> OPT, but it isn't special-cased because it's safe to proxy.
>
> BIND returns FORMERR rather than NOTIMP for unknown meta-types; it
> seems to reserve NOTIMP for known but deprecated types.
>
> I think it is reasonable for an implementation to support TKEY or MAILA or
> MAILB if it wishes. I don't think it's possible to fit AXFR or IXFR into
> DoH because their responses involve multiple DNS messages.
>

Do you believe this is an intrinsic property of DoH, or can you imagine a
future media type that could represent AXFR in a single HTTP response?

> Suggested wording:
>
>     A DoH server MUST return a DNS error response, either RCODE=1 (format
>     error) or RCODE=4 (not implemented) if it receives a request with an
>     unknown meta-QTYPE between 128 and 254 inclusive. The meta-QTYPE 255
>     (* or ANY) SHOULD be supported. The meta-QTYPEs 251 (IXFR) and 252
>     (AXFR) MUST NOT be supported and the DoH server MUST return an error
>     response.
>
>     This is because meta-QTYPEs can affect the way a DNS response is
>     framed; for example, AXFR and IXFR responses can span multiple DNS
>     messages, whereas a DoH response can only contain one DNS message.
>
> Tony.
> --
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> Humber: Variable mainly north, 3 or 4. Moderate at first in northwest,
> otherwise slight. Fog patches. Moderate or good, occasionally very poor.
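The meta-QTYPE check from the suggested wording quoted above, sketched in Python as an added example (not part of the original messages and not code from either author's implementation). The function names, the `supported_meta` parameter, and the choice to answer IXFR/AXFR with the same configurable RCODE as unknown meta-types are assumptions; the sample query is constructed.

```python
import struct

NOTIMP, FORMERR = 4, 1      # the two RCODEs named in the suggested wording
IXFR, AXFR = 251, 252       # multi-message responses: never proxied

def parse_question(msg: bytes):
    """Return (qtype, end_offset) of the single question in a DNS query."""
    if len(msg) < 12:
        raise ValueError("short header")
    if struct.unpack_from("!H", msg, 4)[0] != 1:
        raise ValueError("expected exactly one question")
    off = 12
    while True:                              # walk the QNAME labels
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[off]
        if length & 0xC0:                    # pointers are invalid in a question
            raise ValueError("compression pointer in question")
        off += 1 + length
        if length == 0:
            break
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    return struct.unpack_from("!H", msg, off)[0], off + 4

def error_response(query: bytes, end: int, rcode: int) -> bytes:
    """One-message error reply: same ID and question, QR=1, given RCODE."""
    qid, flags = struct.unpack_from("!HH", query, 0)
    flags = 0x8000 | (flags & 0x7900) | rcode    # QR=1, keep opcode and RD
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:end]

def gate(query: bytes, supported_meta=frozenset(), unknown_rcode=NOTIMP):
    """Return the error reply to send, or None if the query may be proxied."""
    qtype, end = parse_question(query)   # ValueError: caller rejects the request
    refused = qtype in (IXFR, AXFR) or (
        128 <= qtype <= 254 and qtype not in supported_meta)
    return error_response(query, end, unknown_rcode) if refused else None

def make_query(qtype: int, qid: int = 0x1234) -> bytes:
    """Constructed sample: query for example.com, class IN, RD set."""
    name = b"\x07example\x03com\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + name + struct.pack("!HH", qtype, 1)
```

Passing `supported_meta={249}` models an implementation that chooses to support TKEY; AXFR and IXFR stay refused whatever that set contains.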