On Sun, 24 Mar 2019 at 17:17, Joel Jaeggli <joe...@bogus.com> wrote:

>
>
> On Mar 24, 2019, at 08:59, Matthew Pounsett <m...@conundrum.com> wrote:
>
>
>
> On Sun, 24 Mar 2019 at 11:46, Paul Hoffman <paul.hoff...@icann.org> wrote:
>
>>
>> > I'm also not too hot for conflating "user consciously changes
>> > /etc/resolv.conf or equivalent" with "application makes the choice for
>> the
>> > user".
>>
>> The split here is more "someone changes from traditional without the user
>> knowing, when the user cares". If you have a better way to express that,
>> that would be great.
>>
>> > Perhaps we should talk about 'Per-application stubs'? Because this is
>> the
>> > nub.
>>
>> Maybe, but I'm hesitant to make the break that way because some
>> applications' stubs use the traditional resolver, others don't. I would be
>> hesitant to conflate those two.
>>
>
> I don't think the current wording for DaO expresses the same point that
> you've made here.  In particular, mentioning that DaO might refer to a user
> modifying /etc/resolv.conf is inconsistent with the intent that DaO is
> sending queries somewhere other than where the traditional configuration
> says.  /etc/resolv.conf (and its equivalents in non-unix OSes) *are* the
> traditional place to configure that.  Whatever that file says, I think any
> resolver that is consulting that file to find its upstreams is doing DaT.
>
>
> I think we’re at the point where using acronyms is is obscuring the detail
> of what is being described. If and acronym describes a protocol or an
> architectural feature that is unambiguous, great.
>
>
> How about:
>    DaO: DNS resolution between a stub resolver and a recursive resolver
> that
>    differs from the recursive resolver configured in the traditional
>    location(s) for a system.
>
>
> This describes a multitude of systems of varying implementation. It would
> seem for example to include bonjour, a tor client, some vpns and many
> operating system container environments.
>

I may be wrong, but I don't believe bonjour uses RDoT or DoH.

The VPNs you reference are, I think, intended to be covered by the term, so
I think the definition works there.

 I don't think I have an opinion on whether Tor should or shouldn't be
covered by the definition (although others might), so if you wanted to
suggest text that excluded it I think people would consider that.

I don't think container environments are included in the definition either,
because in a container environment the container's resolution path is the
traditional point of configuration for that type of system.  Perhaps the
word "traditional" is too ambiguous, and leads people to think more
"historical" than "typical"?


>
> DaO can be configured by a user changing where a
>    stub resolver gets its list of recursive servers, or an application
> running
>    RDoT or DoH to a resolver that is not the same as the resolver
> configured
>    in the traditional location for the operating system.
>
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to