DavidSchinazi
commented
5 years ago Perhaps would could encode this hint by sending an empty DoH URI? Do you want to send us a PR that defines this?
Open DanDruta opened 5 years ago
DavidSchinazi
commented
5 years ago Perhaps would could encode this hint by sending an empty DoH URI? Do you want to send us a PR that defines this?
DanDruta
commented
5 years ago The empty DoH URI would be the easiest solution. I'm just a bit concerned that can be interpreted by the client as an omission by mistake as opposed to a more explicit OPT-OUT hint. I will send a pull request with the empty URI. In a way we need to be able to define the expected behavior for the client if:
DavidSchinazi
commented
5 years ago I think the DoH URI not resolving should be treated similarly to any query failure: the client then falls back to whichever DNS mechanism it would have used in the absence of this header. But making that explicit in the document sounds like a good idea.
The current draft allows for the server to specify its own DoH server as an alternative to the one configured in the user-agent/client. It should be possible for the server to indicate its choice to opt-out of the use of DoH altogether. In this case the client should be able to honor the request by disabling the DoH for the specific domain and use standard DNS mechanisms for subsequent queries. This type of configuration should allow the server owner to optimize for certain types of traffic such as on mobile networks. It should help them to predict and improve performance even if they don't plan to run a DoH server of their own. On the client side there should be a setting when enabling DoH to select if the user chooses to honor the opt-out request or not including by creating a white-list of servers for which they want this request to be always fulfilled. This is a simple granular approach and should allow the user and the server to be in control of the DNS resolution options.