Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses

Paul Wouters <> Wed, 19 March 2014 18:34 UTC

Date: Wed, 19 Mar 2014 14:34:25 -0400
From: Paul Wouters <>
To: Phillip Hallam-Baker <>
Cc: Tony Finch <>,
Subject: Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses

On Wed, 19 Mar 2014, Phillip Hallam-Baker wrote:

[ still finding your replies to replies basically unreadable due to your
   email client quoting settings, so if I'm mis-attributing, that's why.
   When these go like 3 deep, I basically have to just give up and delete
   the emails unread. You are the only person I have this problem with,
   and plenty of people use Gmail.]

> On Wed, Mar 19, 2014 at 2:06 PM, Tony Finch <> wrote:
>       Phillip Hallam-Baker <> wrote:
>       >
>       > In particular, if we let a DNS query ask more than one question at a
>       > time then we improve latency of responses.
> No need to change the protocol, just make the queries concurrently. If
> your implementation makes that slow, fix the implementation. You would
> have to fix it anyway in order to support the protocol changes, so you
> might as well do the fix without the protocol change. No need to waste
> time and money on talking about paper protocols.
> This is not a change. It is implementing RFC1035 as written. 
> BIND and co have done it wrong all these years. If the implementations are not wrong then where is the RFC that states QDCOUNT = 1?

We tested this a few months ago while discussing draft-wouters-edns-keepalive using
a modified dig command.

All servers support multiple queries at once fine. Only Google DNS
capped it at 80 queries before closing the connection. Things will be
different when the TCP connection is idle of course, as the server might
hang up on you, hence the above-mentioned draft to match up client and
server behaviour.

> I have talked to the engineers at several browser companies and they tell me that parallel queries do not actually work the way you imagine.

All the more reason for draft-wouters-edns-keepalive (and
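Added example, not part of the thread and not the modified dig Paul refers to: a small Python script in the same spirit. It builds raw DNS queries (with QDCOUNT set to the number of questions, so the QDCOUNT > 1 reading of RFC 1035 that Phillip argues for can be exercised), frames them with the 2-byte length prefix DNS over TCP uses, sends them back-to-back on one connection, and matches responses to queries by message ID rather than by arrival order. It also reports which queries got no answer before the server closed the connection, which is the "capped at 80 queries" behaviour being described. The helper names, the sample names and the constructed byte strings are my own; nothing here is taken from BIND, dig or the draft.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(msg_id, questions, rd=True):
    """Build one DNS message; QDCOUNT is len(questions), so passing more
    than one question produces the multi-question message the thread debates."""
    flags = 0x0100 if rd else 0  # RD bit only
    hdr = struct.pack("!HHHHHH", msg_id, flags, len(questions), 0, 0, 0)
    body = b"".join(encode_name(n) + struct.pack("!HH", t, QCLASS_IN) for n, t in questions)
    return hdr + body


def frame_tcp(msg):
    """DNS over TCP: every message is preceded by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def decode_name(buf, off):
    """Decode a (possibly compressed) name at off; returns (name, next_offset)."""
    labels, end = [], None
    while True:
        ln = buf[off]
        if ln & 0xC0 == 0xC0:  # compression pointer: remember where we left off
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(buf[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (off if end is None else end)


def parse_header(msg):
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "qr": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an}


def parse_questions(msg):
    """Return (header, [(name, qtype), ...]) for the question section."""
    hdr, off, qs = parse_header(msg), 12, []
    for _ in range(hdr["qdcount"]):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        qs.append((name, qtype))
    return hdr, qs


def split_tcp_stream(data):
    """Split a TCP byte stream into whole DNS messages; returns (messages, leftover)
    so a caller can keep the tail of a partially received frame."""
    msgs, off = [], 0
    while off + 2 <= len(data):
        ln = struct.unpack("!H", data[off:off + 2])[0]
        if off + 2 + ln > len(data):
            break
        msgs.append(data[off + 2:off + 2 + ln])
        off += 2 + ln
    return msgs, data[off:]


def pipeline_queries(server, names, port=53, timeout=5.0):
    """Send one A query per name back-to-back on a single TCP connection.
    Responses are matched by ID (a server may answer out of order).
    Returns ({name: rcode}, [names that got no answer before EOF/timeout])."""
    queries = {i + 1: n for i, n in enumerate(names)}
    pending, results, buf = dict(queries), {}, b""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(b"".join(frame_tcp(build_query(i, [(n, QTYPE_A)])) for i, n in queries.items()))
        while pending:
            try:
                chunk = s.recv(65535)
            except socket.timeout:
                break
            if not chunk:  # server hung up; whatever is left in pending was never answered
                break
            buf += chunk
            msgs, buf = split_tcp_stream(buf)
            for m in msgs:
                name = pending.pop(parse_header(m)["id"], None)
                if name is not None:
                    results[name] = parse_header(m)["rcode"]
    return results, list(pending.values())
```

Usage against a real resolver would be something like `pipeline_queries("192.0.2.53", ["a%d.example." % i for i in range(100)])` (address and names are placeholders); the second element of the result shows how many of the pipelined queries were cut off if the server closes the connection after a fixed number, which is exactly the client/server mismatch the keepalive draft is meant to negotiate away.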