My main suggestion is to lose the Proxy-DNS-Transport header and
always have the request and response in TCP format.

The HTTP payload should always be unframed (like DNS over UDP) regardless
of the upstream DNS transport, since HTTP already provides content-length
framing so there's no need to repeat the message length. Like TCP, the
EDNS0 UDP buffer size is irrelevant for HTTP.

The reason to use TCP framing is so that you can send multiple DNS
requests in a single http request and get back multiple answers. Recent
messages here suggest that's of considerable interest, and if you're only
sending one request, the two bytes of TCP length are tiny compared to the
http headers.

It occurs to me that this crock is not inherently much slower than regular
TCP over DNS. In both cases the client opens a connection and sends out
the request, and the server sends back the answer. In both DNS and most
versions of http you can leave the connection open and reuse it, probably
more important in http since you're likely reusing the TLS negotiation
too.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
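The framing trade-off discussed in the message above, as an added illustration that is not part of the original post: an unframed body carries exactly one DNS message (Content-Length is the framing), while TCP-style framing prefixes each message with a 2-byte length so several queries can ride in one HTTP body. The query builder, names and sample data below are constructed for the example; a receiver must check each length prefix against the remaining body so a truncated or lying prefix is rejected rather than read past the end.

```python
import struct

def build_query(qname: str, qtype: int, txid: int) -> bytes:
    """Build a minimal DNS query: 12-byte header (RD=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_tcp(messages: list[bytes]) -> bytes:
    """TCP-style framing: each message preceded by its big-endian 16-bit length."""
    out = bytearray()
    for m in messages:
        if len(m) > 0xFFFF:
            raise ValueError("DNS message exceeds 65535 bytes")
        out += struct.pack("!H", len(m)) + m
    return bytes(out)

def unframe_tcp(body: bytes) -> list[bytes]:
    """Split a body of TCP-framed DNS messages, refusing truncated input."""
    msgs, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated length prefix at offset %d" % pos)
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if len(body) - pos < n:
            raise ValueError("length prefix %d exceeds remaining body" % n)
        msgs.append(body[pos:pos + n])
        pos += n
    return msgs

def unframe_udp_style(body: bytes) -> list[bytes]:
    """Unframed body: HTTP Content-Length already bounds the single message."""
    if len(body) < 12:
        raise ValueError("body shorter than a DNS header")
    return [body]

def query_id(msg: bytes) -> int:
    """Transaction ID from the first two header bytes (used to match answers)."""
    return struct.unpack_from("!H", msg, 0)[0]

# Constructed sample: two queries batched into one HTTP body.
QUERIES = [build_query("example.com", 1, 0x1234),   # A
           build_query("example.net", 28, 0x5678)]  # AAAA
BODY = frame_tcp(QUERIES)
```

With two queries the framed body costs four bytes over the raw messages, which is the overhead the message above calls tiny next to the HTTP headers.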
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop