Martin Thomson wrote:
+1 to this.
And maybe there is an outcome that doesn't need this parameter. I
probably misunderstood some of the expectations people have for the
parameter. With the benefit of time and sleep, it's possible that I
now understand the disconnect.
My model of content-type - and by extension its parameters - is of a
description of the content. However, it appears as though at least
some people had different uses for the parameter: for requests, it
would be an instruction/suggestion to the server to make a DNS request
using the identified transport; for responses, it would be a
description of where the DNS request came from.
my original design added an http header, which was seen as even worse.
someone suggested adding to the content-type, and i went along with it
even though there is no difference in actual type of actual content.
I never considered that interpretation, but - assuming that this is
what it was - and the intent was to provide a means for the client to
control how the server makes requests (and to see how they were made).
In that case, I have a possible alternative design for the use case in
the dnsop draft.
Right now, DOH doesn't really say how a DNS API Server gets its
responses. It could be that the API server is part of a resolver, or
it could be that the DNS API Server makes a request to another
resolver. But specific uses of the DOH protocol could come with
additional constraints that would enable the use cases in the dnsop
draft, at least as I understand them.
this all sounds good to me.
If the goal of the dnsop draft is to extend the reach of a DNS client
(note: not a DNS API client) across a network that is in some way less
hostile to HTTP than it is to DNS, then I think that it can still use
DOH. A DNS API server could be configured to operate in a very simple
mode with no caching, just direct transposition of a request from HTTP
to a request on UDP or TCP. A DNS client could be configured with two
DNS API clients. Each client uses a different DNS API Server
endpoint. Those endpoints would be specifically configured to use
only UDP or TCP.
For instance:
https://use.only/tcp{?dns} would cause the server to make a request using TCP.
https://use.only/udp{?dns} would cause the server to make a request using UDP.
At this point, this is simple DOH, but with extra contextual
information about server operation.
i am generally supportive of this approach; in fact i wish i'd thought
of it. the specifics will be different, as in:
/proxy_dns?proto=tcp
/proxy_dns?proto=udp
but i agree that encoding the original transport in the URI is better
than either extending the content-type or adding another http header.
---
i object, as before, to "dns-udpwireformat" as a name. these are dns
messages, which when carried by udp are raw, and when carried in tcp are
preceded by a two-octet length indicator for framing of multiple
messages sharing the same stream. so, the string to be registered should
be "dns-message".
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
