Re: [Add] Mozilla's DoH resolver policy
Ted Hardie <ted.ietf@gmail.com> Fri, 12 April 2019 17:55 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17F89120260 for <add@ietfa.amsl.com>; Fri, 12 Apr 2019 10:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXzM_dCBwEtW for <add@ietfa.amsl.com>; Fri, 12 Apr 2019 10:55:03 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 920921200B1 for <add@ietf.org>; Fri, 12 Apr 2019 10:55:03 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id n11so9249429ioh.1 for <add@ietf.org>; Fri, 12 Apr 2019 10:55:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SwEdZ3ZfeMspKZRJ4JBsN1oN2DGPQ1mAjbrOen8tJH0=; b=E+Lm6ZFsjawawsxWHjXWy3uWnbre8JKFEXRo2stDTwVnBlZ0zY7AfjVXw/NZh59wot eRRMxGZz0Xd9ED6b5luF3Kc/8dtRGac3hmOZqg3/Nz6oi81ePSQyrRMNB5CsZvtGlYi2 B3PqVksVTprMzjMj4s7/cjW8GouNcEN6u22GoQ4tbO9IBqxEds+nsmks9AsWZd+WJYD8 WN2IOwZmCFykE1+O4ugUPwgRBaoHfrOpQEKKI+e9dKix1Rp96DTw5lrNIit3bLCtyRcY 180u7rDaoQWhT0UBDTIqmRVplW9OoowHB+c/r4KQDKgMSIW6NVjvcXWMNib+qJdfIZ1J 5y8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SwEdZ3ZfeMspKZRJ4JBsN1oN2DGPQ1mAjbrOen8tJH0=; b=FszTwqbLu7Xj1Qhsi+UDH/XPLefDqJeHHEqcqNiVSJJJJFte6Iqfl4gyRVDjmaBQKP 9vvMH9Uppi+ZmNRjrohP3foSkBEcq7CjSP1fCgUf6Q+HTRqk4JyJ8TUlbsV0JeQFvRj1 SOE6u3CSu67jCLTMoNwaQz32YuykYvBVPMNNcrec8NInq9HAmz0dSTJ7DWZwxAqDvl0q rVLWt23kk88l+eyiLtUj4+Kq0dYgs6G9SezrkUEtmtRv55QlmNsUxMoyu8rV3kxKvKuq 0gbLxzr5YRUnDDv07NIAilx3XF+xJ01jk6O1qk0XgROJJLWkr6lpyFKJG+VtB1KZQ4Sl UdtA==
X-Gm-Message-State: APjAAAXwOjRVIRtrOMGdAC/ugA8ceiO5ytfeMgIegk79G0U2c01lKyI3 tLSpuUjtu+M5nnVW9pLcBqNKU6xZk4U5C+P4YMFFvw==
X-Google-Smtp-Source: APXvYqw8AKUrxXcQr9bEa5Z2Hb+weT6NCF4rcXO6ScUk0HH6vwVZUytomOL0WwOl2IOJaJjFE/Av4kNUBGEdIqGE05k=
X-Received: by 2002:a6b:6f09:: with SMTP id k9mr633645ioc.163.1555091702619; Fri, 12 Apr 2019 10:55:02 -0700 (PDT)
MIME-Version: 1.0
References: <297C80CE-F017-4F4A-80E2-79941E8B9E02@icann.org> <b64761dc-dfab-e4e1-4bfb-82d607efa590@riseup.net> <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com> <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de> <994839978.18707.1554973716877@appsuite.open-xchange.com> <af5f5c76-0095-65a0-39d1-d29d4bb0e906@mozilla.com> <ybl36mn8b54.fsf@w7.hardakers.net> <f9d0cd98-db0c-7f42-d351-d9a5002c4765@mozilla.com>
In-Reply-To: <f9d0cd98-db0c-7f42-d351-d9a5002c4765@mozilla.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 12 Apr 2019 10:54:35 -0700
Message-ID: <CA+9kkMAobw2giYO=8pbLVi4ms0Ru+nYwhV5DGxLCwaUdX6EQyQ@mail.gmail.com>
To: Peter Saint-Andre <stpeter@mozilla.com>
Cc: Wes Hardaker <wjhns1@hardakers.net>, add@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008725b8058659003f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/imfVMJjvpdTXLT7GULswH8DklDk>
Subject: Re: [Add] Mozilla's DoH resolver policy
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 17:55:06 -0000
Howdy, On Fri, Apr 12, 2019 at 10:14 AM Peter Saint-Andre <stpeter@mozilla.com> wrote: > > > Have you considered randomly rotating all queries > > through every item in the list, > > We've considered random rotation but "there are problems with this". > > So, I assume Wes didn't mean sending all queries to all entities on the list, because that would be wasteful of bandwidth and very leaky of information. I think he meant "random rotation", which is the question you answered. But the reality is that folks have been dealing with the DNS round-robin problem a long time and the change in transport protocols doesn't change the parameters of the problem that much. Generally speaking, you are optimizing for reduced latency. I think it was Duane Wessels who introduced the "ladder race" method, which works pretty well over time; there are also lots of variations of it. Ladder race works by starting from a list, either with a known default or no default. You pick two for the first query and race them. The winner becomes the default and is raced against a random member of the list for the next query or after a period of time--in this case, I'd suggest basing that time period on the HTTPS set up time (e.g. 5x the set-up time). Once you have raced the entire list, you have a resolver choice that has the lowest latency for that particular client. You then re-race after a longer elapsed period of time; if you get the same choice, you lengthen the time between races. Every time the race returns the same choice, the signal that this is a stable choice increases and the time lengthens. If there is a change, you drop back to a shorter race time. What this should do is associate the clients with the lowest latency resolver. If a resolver gets busy, its latency will increase and it will go down in the races and shed clients, so this is a blended signal of network distance and resolver load. It will vary over time, but there are lots of clients for whom that variation won't result in a change in assigned server. In this case, you also don't need all the servers to speak the same protocol; you could blend DoT and DoH servers into the same list. That might actually reward the use of DoT where it is not blocked, because the response time for a cache fill is likely to be a bit better (as there is less overhead without the mime-type processing in DoH). Mechanisms like ladder race and its variations basically provide you some way gathering data to make the choice in a way that optimize what you want; the key is doing it in a way that is friendly enough to the resolvers and the network. But I don't think this is a new problem, even if this code is new to Firefox. regards, Ted
- [Add] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Martin Thomson
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Jim Reid
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Manabu Sonoda
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Ray Bellis
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Daniel Stenberg
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] [Ext] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] [Ext] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] [Ext] Mozilla's DoH resolver policy Brian Dickson
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] Mozilla's DoH resolver policy Mark Andrews
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Salz, Rich
- Re: [Add] Mozilla's DoH resolver policy Ben Schwartz
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Geoff Huston
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] ECS privacy concerns, alternatives? Erik Nygren
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Paul Hoffman
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Hollenbeck, Scott
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] ECS privacy concerns, alternatives? Puneet Sood
- Re: [Add] ECS privacy concerns, alternatives? Erik Kline
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson