John,

At 2016-07-11 23:50:05 -0000
"John Levine" <[email protected]> wrote:

> >Please review this draft to see if you think it is suitable for adoption 
> >by DNSOP, and comments to the list, clearly stating your view.  
> 
> Yes, we should adopt it.  It needs some work, but what draft doesn't.
> 
> >Please also indicate if you are willing to contribute text, review, etc.  
> 
> Yes.
> 
> My main suggestion is to lose the Proxy-DNS-Transport header and
> always have the request and response in TCP format.  If the server
> doing the http-to-DNS proxy wants to microoptimize and try the query
> as UDP and see if it works, that's fine, but I'm guessing that the
> proxy will usually be close to the cache it's using so the penalty for
> TCP will be low.

Remember, we want DNS-over-HTTP to be able to handle existing DNS stub
resolvers. The motivation for UDP is to keep the client side of the DNS
over HTTP proxy simple.

----

If you always send TCP, then the client side may receive a response
which will not fit into either the 512 byte or EDNS buffer size. The
client side then has to remove RRsets from the response to try to get it
to fit into the right size, possibly setting the truncation bit (TC=1).
This requires that the client side actually know quite a bit about DNS,
and be able to process DNS packets.

You cannot do this on the server side of the DNS-over-HTTP because the
server would not have any way to distinguish between a UDP packet
without an EDNS buffer size and a TCP message. So it would not know if
it had to assume a 512 byte maximum or a 65535 byte maximum. Even if it
could, it would still have to have all of the same logic needed to
reduce DNS message size by removing RRsets.

----

If we can instead pass the stub DNS packet through exactly as it came
to the client DNS-over-HTTP proxy then the DNS server will be able to
remove RRsets to make sure the response is small enough. The DNS server
already has to be able to do this, so no additional code is needed.
Neither the DNSaover-HTTP client nor server has to actually understand
DNS messages. :)

Cheers,

--
Shane


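The size problem described in the message above, as an added example that is not part of this thread or of the draft: a Python sketch that shows the two pieces of DNS knowledge a UDP-facing proxy would need if it received TCP-sized answers, namely reading the query's EDNS OPT record to learn the size limit (512 bytes without one) and walking resource-record boundaries to drop answers and set TC=1. The query for example.com, the twenty A records in 192.0.2.0/24 and every helper function are constructed for this example.

```python
import struct

OPT_TYPE = 41          # EDNS(0) OPT pseudo-RR (RFC 6891)
TC_FLAG = 0x0200       # truncation bit in the DNS header flags
DEFAULT_UDP_MAX = 512  # classic UDP payload limit without EDNS


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels, no compression."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name starting at off (handles pointers)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def skip_rr(msg, off):
    """Return the offset just past the resource record starting at off."""
    off = skip_name(msg, off)
    rdlen = struct.unpack_from("!H", msg, off + 8)[0]  # TYPE, CLASS, TTL = 8 bytes
    return off + 10 + rdlen


def build_query(qname, qtype=1, edns_bufsize=None, msg_id=0x1234):
    """Constructed stub query; with edns_bufsize an OPT RR advertises that size."""
    arcount = 1 if edns_bufsize else 0
    msg = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns_bufsize:
        # OPT RR: root name, TYPE 41, the CLASS field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, 0, 0)
    return msg


def max_udp_payload(query):
    """Walk the query to find an OPT RR; without one the limit is 512 bytes."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", query, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4
    for _ in range(an + ns):
        off = skip_rr(query, off)
    for _ in range(ar):
        rtype, rclass = struct.unpack_from("!HH", query, skip_name(query, off))
        if rtype == OPT_TYPE:
            return max(rclass, DEFAULT_UDP_MAX)  # RFC 6891: values below 512 mean 512
        off = skip_rr(query, off)
    return DEFAULT_UDP_MAX


def build_response(query, addresses, ttl=300):
    """Constructed answer: echo the question, one uncompressed A record per address."""
    msg_id = struct.unpack_from("!H", query, 0)[0]
    qname_end = skip_name(query, 12)
    qname, question = query[12:qname_end], query[12:qname_end + 4]
    hdr = struct.pack("!HHHHHH", msg_id, 0x8180, 1, len(addresses), 0, 0)  # QR, RD, RA
    rrs = b"".join(qname + struct.pack("!HHIH", 1, 1, ttl, 4)
                   + bytes(int(o) for o in a.split(".")) for a in addresses)
    return hdr + question + rrs


def fit_to_size(response, limit):
    """Shrink a response to limit bytes by dropping whole answer RRs from the end
    and setting TC=1: the work a UDP-facing proxy would have to do itself."""
    if len(response) <= limit:
        return response
    msg_id, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", response, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4
    kept, end = 0, off
    for _ in range(an):
        rr_end = skip_rr(response, off)
        if rr_end > limit:
            break
        kept, end, off = kept + 1, rr_end, rr_end
    # authority and additional sections are dropped entirely (simplification)
    hdr = struct.pack("!HHHHHH", msg_id, flags | TC_FLAG, qd, kept, 0, 0)
    return hdr + response[12:end]


def summarize(msg):
    """(length, TC set?, answer count) for a DNS message."""
    _, flags, _, an, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    return len(msg), bool(flags & TC_FLAG), an


if __name__ == "__main__":
    # 20 constructed A records push the answer to 569 bytes, over the classic limit
    addrs = ["192.0.2.%d" % i for i in range(1, 21)]
    for bufsize in (None, 4096):
        q = build_query("example.com", edns_bufsize=bufsize)
        limit = max_udp_payload(q)
        r = fit_to_size(build_response(q, addrs), limit)
        print("EDNS bufsize=%s -> limit=%d, response=%s" % (bufsize, limit, summarize(r)))
```

Without an OPT record the 569-byte answer is cut to 488 bytes with 17 of the 20 A records and TC=1; with a 4096-byte EDNS buffer it passes through unchanged. Even this simplified version needs a name walker, RR boundary parsing and header rewriting, which is the code a pass-through design leaves in the DNS server where it already exists.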
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
