Bonjour uses DNS or mDNS. If it’s using DNS, it can in principle use DoT or
DoH, and indeed “Back to my Mac” was using DoT before it was specified in
an RFC. That functionality is still in the open source mDNSResponder code.

I realize that this is somewhat tangential to the point you were making but
wanted to clarify this detail.

On Sun, Mar 24, 2019 at 22:26 Matthew Pounsett <m...@conundrum.com> wrote:

>
>
> On Sun, 24 Mar 2019 at 17:17, Joel Jaeggli <joe...@bogus.com> wrote:
>
>>
>>
>> On Mar 24, 2019, at 08:59, Matthew Pounsett <m...@conundrum.com> wrote:
>>
>>
>>
>> On Sun, 24 Mar 2019 at 11:46, Paul Hoffman <paul.hoff...@icann.org>
>> wrote:
>>
>>>
>>> > I'm also not too hot for conflating "user consciously changes
>>> > /etc/resolv.conf or equivalent" with "application makes the choice for
>>> > the user".
>>>
>>> The split here is more "someone changes from traditional without the
>>> user knowing, when the user cares". If you have a better way to express
>>> that, that would be great.
>>>
>>> > Perhaps we should talk about 'Per-application stubs'? Because this is
>>> > the nub.
>>>
>>> Maybe, but I'm hesitant to make the break that way because some
>>> applications' stubs use the traditional resolver, others don't. I would be
>>> hesitant to conflate those two.
>>>
>>
>> I don't think the current wording for DaO expresses the same point that
>> you've made here.  In particular, mentioning that DaO might refer to a user
>> modifying /etc/resolv.conf is inconsistent with the intent that DaO is
>> sending queries somewhere other than where the traditional configuration
>> says.  /etc/resolv.conf (and its equivalents in non-unix OSes) *are* the
>> traditional place to configure that.  Whatever that file says, I think any
>> resolver that is consulting that file to find its upstreams is doing DaT.
>>
>>
>> I think we’re at the point where using acronyms is obscuring the
>> detail of what is being described. If an acronym describes a protocol or
>> an architectural feature that is unambiguous, great.
>>
>>
>> How about:
>>    DaO: DNS resolution between a stub resolver and a recursive resolver
>>    that differs from the recursive resolver configured in the traditional
>>    location(s) for a system.
>>
>>
>> This describes a multitude of systems of varying implementation. It would
>> seem for example to include bonjour, a tor client, some vpns and many
>> operating system container environments.
>>
>
> I may be wrong, but I don't believe bonjour uses RDoT or DoH.
>
> The VPNs you reference are, I think, intended to be covered by the term,
> so I think the definition works there.
>
>  I don't think I have an opinion on whether Tor should or shouldn't be
> covered by the definition (although others might), so if you wanted to
> suggest text that excluded it I think people would consider that.
>
> I don't think container environments are included in the definition
> either, because in a container environment the container's resolution path
> is the traditional point of configuration for that type of system.  Perhaps
> the word "traditional" is too ambiguous, and leads people to think more
> "historical" than "typical"?
>
>
>>
>> DaO can be configured by a user changing where a
>>    stub resolver gets its list of recursive servers, or an application
>>    running RDoT or DoH to a resolver that is not the same as the resolver
>>    configured in the traditional location for the operating system.
>>
>> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>