DNS Over HTTPS (doh) Internet Drafts

      
 Associating a DoH Server with a Resolver
 
 draft-ietf-doh-resolver-associated-doh-03.txt
 Date: 24/03/2019
 Authors: Paul Hoffman
 Working Group: DNS Over HTTPS (doh)
 Formats: txt
Browsers and web applications may want to know if there are one or more DoH servers associated with the DNS recursive resolver that the operating system is already using. This would allow them to get DNS responses from a resolver that the user (or, more likely, the user's network administrator) has already chosen. This document describes two protocols for a resolver to tell a client what its associated DoH servers are. It also describes a protocol for a client to find out the address of the resolver it is using, if it cannot find that address by an operating system API or some other means.

DNS Over HTTPS (doh)

WG Name DNS Over HTTPS
Acronym doh
Area Applications and Real-Time Area (art)
State Active
Charter charter-ietf-doh-01 Approved
Dependencies Document dependency graph (SVG)
Additional URLs
- Wiki
- Issue tracker
Personnel Chairs Benjamin Schwartz
David Lawrence
Area Director Barry Leiba
Tech Advisor Warren Kumari
Mailing list Address doh@ietf.org
To subscribe https://www.ietf.org/mailman/listinfo/doh
Archive https://mailarchive.ietf.org/arch/browse/doh/
Jabber chat Room address xmpp:doh@jabber.ietf.org?join
Logs https://jabber.ietf.org/logs/doh/

Charter for Working Group

This working group will standardize encodings for DNS queries and responses
that are suitable for use in HTTPS. This will enable the domain name system to
function over certain paths where existing DNS methods (UDP, TLS [RFC 7857],
and DTLS [RFC 8094]) experience problems.

The working group will re-use HTTPS methods, error codes, and other semantics
to the greatest extent possible. The use of HTTPS and its existing PKI
provides integrity and confidentiality, and it also allows interoperation
with common HTTPS infrastructure and policy.

The primary focus of this working group is to develop a mechanism that
provides confidentiality and connectivity between DNS clients (e.g., operating
system stub resolvers) and recursive resolvers. While access to
DNS-over-HTTPS servers from JavaScript running in a typical web browser is not
the primary use case for this work, precluding the ability to do so would
require additional preventative design. The working group will not engage in
such preventative design.

The working group will analyze the security and privacy issues that
could arise from accessing DNS over HTTPS. In particular, the working
group will consider the interaction of DNS and HTTP caching.

The working group will coordinate with the DNSOP and INTAREA working groups
for input on DNS-over-HTTPS's impact on DNS operations and DNS semantics,
respectvely. In particular, DNSOP will be consulted for guidance on the
operational impacts that result from traditional host behaviors (i.e.,
stub-resolver to recursive-resolver interaction) being replaced with the
specified mechanism.

Specification of how DNS-formatted data may be used for use cases beyond
normal DNS queries is out of scope for the working group.

The working group may define mechanisms for discovery of DOH servers
similar to existing mechanisms for discovering other DNS servers if
the chairs determine that there is both sufficient interest and
working group consensus.

The working group will use draft-hoffman-dispatch-dns-over-https as input.

Milestones

Date Milestone
Sep 2019 Submit Resolver Associated DoH to the IESG
Jul 2019 Resolver Associated DoH Last Call
Done Submit specification for performing DNS queries over HTTPS to the IESG for publication as PS
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools