Re: [Doh] Mozilla's plans re: DoH

Tony Finch <dot@dotat.at> Thu, 28 March 2019 16:08 UTC

Date: Thu, 28 Mar 2019 16:08:55 +0000
From: Tony Finch <dot@dotat.at>
To: Brian Dickson <brian.peter.dickson@gmail.com>
cc: Eric Rescorla <ekr@rtfm.com>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/wMu0ixJT13aB1-H29ixkktgVjaY>

Brian Dickson <brian.peter.dickson@gmail.com> wrote:
>
> If you do QNAME minimization and compare the delegations returned from the
> system resolver and DoH server, if they don't have identical results, that
> should point to the need to use the system resolver.

There are situations where that isn't sufficient, e.g. our private zone
has the same name servers for its internal and external views.

(Also QNAME minimization in the client to a cloudy resolver is going to be
really slow!)

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Fair Isle: Southwest 7 to severe gale 9, veering west 6 to gale 8 later. Rough
or very rough, occasionally moderate in southeast, but high at first in west.
Occasional rain later. Good, occasionally moderate later, but poor at first in
west.
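
Added example (not part of the original message, and not code from any participant in the thread): a small offline model of the delegation-comparison check discussed above. It shows the check firing when an internal sub-zone has its own delegation, and staying silent when the internal and external views share the same name servers. All zone names, name servers and addresses are constructed.

```python
# Offline model of "compare delegations seen via the system resolver and via DoH".
# Every name, name server and address here is constructed for illustration.

def ancestors(qname):
    """Names a QNAME-minimising client asks about, shortest first."""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def delegations(view, qname):
    """NS set reported at each zone cut on the way to qname, for one resolver view."""
    return {n: frozenset(view["ns"][n]) for n in ancestors(qname) if n in view["ns"]}

def needs_system_resolver(system_view, doh_view, qname):
    """The proposed heuristic: differing delegations imply a split-horizon name."""
    return delegations(system_view, qname) != delegations(doh_view, qname)

def answers_differ(system_view, doh_view, qname):
    """Ground truth for the model: do the two views give different address data?"""
    return system_view["a"].get(qname) != doh_view["a"].get(qname)

COMMON_NS = {"com.": {"a.tld-servers.example."},
             "example.com.": {"ns1.example.com.", "ns2.example.com."}}

# Case A: the internal view delegates corp.example.com to an internal-only server.
SYSTEM_A = {"ns": {**COMMON_NS, "corp.example.com.": {"ns-int.example.com."}},
            "a": {"intranet.corp.example.com.": "10.0.0.5"}}
DOH_A = {"ns": dict(COMMON_NS), "a": {}}

# Case B: the same name servers serve both views and choose by client address,
# so the delegation chain is identical from inside and outside.
SYSTEM_B = {"ns": dict(COMMON_NS), "a": {"wiki.example.com.": "10.0.0.7"}}
DOH_B = {"ns": dict(COMMON_NS), "a": {"wiki.example.com.": "192.0.2.10"}}

if __name__ == "__main__":
    for label, sysv, dohv, name in (
        ("A: separate internal delegation", SYSTEM_A, DOH_A, "intranet.corp.example.com."),
        ("B: shared name servers", SYSTEM_B, DOH_B, "wiki.example.com."),
    ):
        print(label,
              "| heuristic says use system resolver:", needs_system_resolver(sysv, dohv, name),
              "| answers actually differ:", answers_differ(sysv, dohv, name))
```

In case B the delegation comparison finds nothing to flag even though the two views return different answers.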