This document is a good idea, but it has some faults that need to be fixed before it goes forward.

- In the Introduction, it says in essence that this is just using HTTP to tunnel DNS and is not of use to web browsers. This is wrong, I believe. JavaScript in browsers cannot create port 53 queries, but it can create arbitrary HTTP/HTTPS queries. This protocol would allow JavaScript apps to get DNS responses as long as they could cobble together the request bytes and interpret the response. It would be ugly, yes, but so is a lot of stuff I see in JavaScript these days.

- Using POST for queries goes against the design of HTTP. POST is for requests that change state on the server, and DNS queries are not that. This protocol should use GET.

- The lack of a common URI template will completely prevent interoperability. You should instead use the .well-known prefix for getting the syntax, as described in RFC 5785.

- Section 3.3 is completely unclear. Either prohibit the two-byte length added for TCP queries, or require them all the time. Making them optional will make interoperability difficult or impossible.

- Having no security considerations for a protocol that has optional HTTPS seems like a big oversight.

Hope this helps!

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
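The Section 3.3 point about the optional two-byte length is easy to see on the wire. This added example (not from the draft or from the message above) builds a minimal DNS query, optionally adds the RFC 1035 TCP length prefix, and shows that a receiver handed "maybe prefixed" bytes can parse them under both assumptions without error, so it has no reliable way to tell which framing the sender used. The query name and transaction IDs are constructed sample values.

```python
import struct

# Added example: DNS wire-format query with and without the two-byte TCP length
# prefix, to show why making the prefix optional breaks interoperability.


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header (RD set, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def add_tcp_length(msg: bytes) -> bytes:
    """Frame a message the way DNS over TCP does (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(buf: bytes, length_prefixed: bool) -> dict:
    """Parse the header under one fixed framing assumption; raise on a framing mismatch."""
    if length_prefixed:
        (n,) = struct.unpack("!H", buf[:2])
        if n != len(buf) - 2:
            raise ValueError("length prefix does not match message length")
        buf = buf[2:]
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an}


def framing_is_ambiguous(buf: bytes) -> bool:
    """True when the same bytes parse without error under both framing assumptions."""
    try:
        parse_header(buf, length_prefixed=True)
        parse_header(buf, length_prefixed=False)
        return True
    except (ValueError, struct.error):
        return False


# Constructed samples. A bare 29-byte query whose ID happens to be 29 - 2 = 27 looks
# exactly like a 27-byte length-prefixed message to a parser that expects the prefix,
# and every prefixed message is also a syntactically valid bare message (ID = length).
BARE = build_query("example.com", txid=27)
PREFIXED = add_tcp_length(build_query("example.com"))

if __name__ == "__main__":
    print(len(BARE), framing_is_ambiguous(BARE))          # 29 True
    print(parse_header(BARE, length_prefixed=True))       # misparsed: id 256, qdcount 0
    print(parse_header(PREFIXED, length_prefixed=False))  # misparsed: id 29
```

Under a fixed rule (always or never prefixed) the mismatch is caught by the length check; with the prefix optional, both parses "succeed" and the receiver silently reads the wrong header fields.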
