On Apr 3, 2018, at 1:00 PM, Dave Lawrence <t...@dd.org> wrote:
> That testing TCP capabilities part is a distraction from the core
> motivation. The request makes sense from a dumb transparent proxy
> point of view, where there's a regular DNS resolver on the one end who
> just wants to be able to get DNS messages through an HTTPS tunnel.
> Media type isn't the right way to achieve that, but the key idea is sound.

This didn't actually clear things up for me. I think that what you mean is that you don't want the tunnel server to do truncation detection and retry over TCP—is that right? If so, that's a point worth discussing explicitly. I think you could make arguments for both positions. Given that you're doing DNS-over-HTTP-over-SSL-over-TCP here, the tunnel server definitely could do truncation detection and retry, and that would probably perform better. Also, if it's a DNS server that's just consulting its cache, doing truncation is just a waste of time. But possibly I misunderstood your point?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop