Re: [dns-privacy] Multiple DNS requests per packet, multiple packet responses

Phillip Hallam-Baker <> Wed, 19 March 2014 18:19 UTC

On Wed, Mar 19, 2014 at 2:06 PM, Tony Finch <> wrote:

> Phillip Hallam-Baker <> wrote:
> >
> > In particular, if we let a DNS query ask more than one question at a
> > time then we improve latency of responses.
>
> No need to change the protocol, just make the queries concurrently. If
> your implementation makes that slow, fix the implementation. You would
> have to fix it anyway in order to support the protocol changes, so you
> might as well do the fix without the protocol change. No need to waste
> time and money on talking about paper protocols.

This is not a change. It is implementing RFC1035 as written.

BIND and co have done it wrong all these years. If the implementations are
not wrong then where is the RFC that states QDCOUNT = 1?

I have talked to the engineers at several browser companies and they tell
me that parallel queries do not actually work the way you imagine.

In the first place it is only possible to issue the queries at all if you
override the built-in platform API. But even when you do, problems are
caused by middleboxes and ISPs which limit the number of concurrent queries.

For a resolver, the change is cheap. The benefit to the client is enormous.
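An added example, not part of this message and not code from BIND or any other resolver: it builds a single RFC 1035 query whose QDCOUNT is 2 (the header field simply counts question entries), parses it back, models a resolver that refuses anything other than QDCOUNT == 1 with FORMERR (the behaviour the thread disputes; the exact response shape is an assumption here), and produces the concurrent single-question alternative Tony Finch describes. The names and transaction IDs are constructed for the example; the name decoder bounds compression-pointer hops so a crafted pointer loop cannot hang it.

```python
"""Added example: RFC 1035 wire format with QDCOUNT > 1 (not from the thread)."""
import struct

QTYPE_A, QTYPE_AAAA, QCLASS_IN = 1, 28, 1
RCODE_FORMERR = 1
# RFC 1035 4.1.1 header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")


def encode_name(name):
    """RFC 1035 3.1: length-prefixed labels terminated by a zero-length root label."""
    if name.strip(".") == "":
        return b"\x00"
    out = b""
    for label in name.strip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, questions, rd=True):
    """questions: list of (name, qtype, qclass). QDCOUNT is just len(questions)."""
    flags = 0x0100 if rd else 0x0000  # QR=0, OPCODE=0, RD bit set if requested
    header = HEADER.pack(txid, flags, len(questions), 0, 0, 0)
    body = b"".join(encode_name(n) + struct.pack("!HH", t, c) for n, t, c in questions)
    return header + body


def decode_name(msg, offset, _hops=0):
    """Decode a name at offset, following RFC 1035 4.1.4 compression pointers
    with a hop limit so a pointer loop raises instead of recursing forever.
    Returns (name, offset_after_name)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            if _hops >= 16:
                raise ValueError("too many compression pointers")
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            ptr = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            suffix, _ = decode_name(msg, ptr, _hops + 1)
            labels.append(suffix)
            return ".".join(labels), offset + 2
        if length > 63 or offset + 1 + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_query(msg):
    """Parse the header and the full question section (all QDCOUNT entries)."""
    if len(msg) < HEADER.size:
        raise ValueError("short header")
    txid, flags, qdcount, _an, _ns, _ar = HEADER.unpack_from(msg, 0)
    offset = HEADER.size
    questions = []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    return {"id": txid, "flags": flags, "qdcount": qdcount, "questions": questions}


def is_well_formed(msg):
    """True if the question section parses without error."""
    try:
        parse_query(msg)
        return True
    except ValueError:
        return False


def strict_resolver_response(msg):
    """Assumed model of a resolver that only accepts QDCOUNT == 1: any other
    count gets a FORMERR header (QR=1, RD echoed, RCODE=1, no question echoed).
    Returns None when the query would be resolved normally."""
    q = parse_query(msg)
    if q["qdcount"] != 1:
        flags = 0x8000 | (q["flags"] & 0x0100) | RCODE_FORMERR
        return HEADER.pack(q["id"], flags, 0, 0, 0, 0)
    return None


def split_into_single_queries(msg, first_id):
    """The alternative from the quoted reply: one QDCOUNT=1 query per question,
    each with its own transaction ID, to be sent concurrently by the client."""
    q = parse_query(msg)
    rd = bool(q["flags"] & 0x0100)
    return [build_query((first_id + i) & 0xFFFF, [question], rd=rd)
            for i, question in enumerate(q["questions"])]


if __name__ == "__main__":
    # Constructed sample: one packet asking for A and AAAA of the same name.
    multi = build_query(0x1234, [("www.example.com", QTYPE_A, QCLASS_IN),
                                 ("www.example.com", QTYPE_AAAA, QCLASS_IN)])
    print(parse_query(multi))
    print("strict resolver answers:", strict_resolver_response(multi).hex())
    for single in split_into_single_queries(multi, 0x2000):
        print(parse_query(single))
```

Running it prints the two-question parse, the FORMERR header the strict model returns, and the two separate single-question queries that the "just make the queries concurrently" approach would put on the wire instead.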