Network Working Group                                        E. Rescorla
Internet-Draft                                                   Mozilla
Intended status: Informational                              J. Livingood
Expires: 27 December 2020                                        Comcast
                                                            25 June 2020

                 CNAME Discovery of Local DoH Resolvers
                      draft-rescorla-doh-cdisco-00

Abstract

   This note describes a simple mechanism for determining whether an
   Internet Service Provider (ISP) network is operating a DNS over HTTPS
   [RFC8484] server on it for users connected to that network.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/ekr/draft-rescorla-doh-cdisco
   (https://github.com/ekr/draft-rescorla-doh-cdisco).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 December 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Rescorla & Livingood    Expires 27 December 2020                [Page 1]
Internet-Draft             CNAME DoH Discovery                 June 2020

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  DoH Resolver Discovery  . . . . . . . . . . . . . . . . . . .   3
     3.1.  Why DNS?  . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Why a CNAME?  . . . . . . . . . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Some applications perform their own name resolution rather than using
   the system resolver, typically using an encrypted protocol such as
   DoH [RFC8484].  These applications have the choice of using either
   the same recursive resolver configured into the system or of using a
   resolver chosen out of a preconfigured list of trusted resolvers in
   an application, such as in [DOHTRR].

   If all of the trusted resolvers are publicly available, then there
   are a number of mechanisms for choosing between them, for instance
   randomly or based on performance.
   [I-D.arkko-abcd-distributed-resolver-selection] describes a number of
   potential mechanisms.  However, if the list of trusted resolvers
   includes Internet Service Providers (ISPs) and the client is on a
   network associated with such a provider, then it may be desirable to
   preferentially select the resolver associated with that provider.
   This provides the benefits both of using a DNS resolver with a known
   policy and using a resolver that has high quality local information
   about the local network topology.

   This document describes a mechanism to address this situation.  This
   mechanism is being tested in the Firefox browser with Comcast's
   resolvers.
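   The selection policy the Introduction sketches, as an added example
   that is not part of the draft or of the Firefox/Comcast deployment it
   mentions.  It assumes a preconfigured list of trusted resolvers with an
   operator label on each, latency measurements supplied by the caller,
   and a provider identity string handed in from some discovery step (the
   draft's CNAME check itself is not in this excerpt, so it is treated as
   an input).  The resolver names and URLs are constructed placeholders.
   The point worth noting is that discovery only ever chooses among
   entries already on the trusted list; it cannot add one.

```python
# Added illustration (not code from the draft): choosing a DoH resolver from a
# preconfigured trusted list, preferring the one run by the provider the
# client appears to be connected to.  How that provider identity is
# discovered is outside this excerpt, so it is simply a parameter here.
import random
from dataclasses import dataclass
from typing import Mapping, Optional, Sequence


@dataclass(frozen=True)
class TrustedResolver:
    name: str       # label used as the key for latency measurements
    provider: str   # operator of the resolver; empty for a public resolver
    url: str        # DoH URI template (constructed placeholder values below)


# Constructed sample list; names and URLs are placeholders, not real deployments.
TRUSTED = (
    TrustedResolver("public-1", "", "https://public-1.example/dns-query"),
    TrustedResolver("public-2", "", "https://public-2.example/dns-query"),
    TrustedResolver("isp-a", "isp-a.example", "https://doh.isp-a.example/dns-query"),
)


def select_resolver(
    trusted: Sequence[TrustedResolver],
    discovered_provider: Optional[str],
    latency_ms: Mapping[str, float],
    rng: Optional[random.Random] = None,
) -> TrustedResolver:
    """Pick one resolver from `trusted`.

    Order of preference:
      1. a trusted resolver whose provider matches `discovered_provider`;
      2. the trusted resolver with the lowest measured latency;
      3. a uniformly random trusted resolver when nothing was measured.

    The discovered provider can only select among preconfigured entries; it
    can never introduce a resolver that is not already on the list, so a
    network that names an unknown provider identity is simply ignored and
    selection falls through to the performance/random rules.
    """
    if not trusted:
        raise ValueError("trusted resolver list is empty")

    if discovered_provider:
        local = [r for r in trusted if r.provider == discovered_provider]
        if local:
            return local[0]

    measured = [r for r in trusted if r.name in latency_ms]
    if measured:
        return min(measured, key=lambda r: latency_ms[r.name])

    rng = rng if rng is not None else random.Random()
    return rng.choice(list(trusted))


if __name__ == "__main__":
    # On the ISP's own network, its resolver wins regardless of latency.
    print(select_resolver(TRUSTED, "isp-a.example",
                          {"public-1": 12.0, "isp-a": 30.0}).name)
    # When the network claims a provider we do not have on the list, the
    # claim is ignored and the fastest measured trusted resolver is used.
    print(select_resolver(TRUSTED, "stranger.example",
                          {"public-1": 12.0, "public-2": 9.0}).name)
```

   Passing `rng` makes the fallback deterministic for testing; in a real
   client the latency map would be refreshed from actual probes and the
   provider identity would come from the discovery mechanism the rest of
   the draft defines.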

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and