Re: [Doh] [Ext] DNS over HTTP/3?

Ask Bjørn Hansen <ask@develooper.com> Mon, 19 November 2018 19:18 UTC

Return-Path: <ask@develooper.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FCF3130DE2 for <doh@ietfa.amsl.com>; Mon, 19 Nov 2018 11:18:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cj3eUesBo0p3 for <doh@ietfa.amsl.com>; Mon, 19 Nov 2018 11:18:30 -0800 (PST)
Received: from mbox1.develooper.com (mbox1.develooper.com [207.171.7.178]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D2B312785F for <doh@ietf.org>; Mon, 19 Nov 2018 11:18:30 -0800 (PST)
Received: from mbox1.develooper.com (mbox1.develooper.com [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mbox1.develooper.com (Postfix) with ESMTPS id A6161176075 for <doh@ietf.org>; Mon, 19 Nov 2018 11:18:29 -0800 (PST)
Received: (qmail 10796 invoked from network); 19 Nov 2018 19:18:27 -0000
Received: from unknown (HELO ?192.168.2.3?) (ask@mail.dev@104.153.224.166) by smtp.develooper.com with ESMTPA; 19 Nov 2018 19:18:27 -0000
From: =?utf-8?Q?Ask_Bj=C3=B8rn_Hansen?= <ask@develooper.com>
Message-Id: <60383420-A392-493E-9E09-52D649E35E9C@develooper.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AD6D7752-35AD-4B40-92F6-FAF7DFB29482"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Mon, 19 Nov 2018 11:17:45 -0800
In-Reply-To: <20181119151209.GC11506@server.ds9a.nl>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "doh@ietf.org" <doh@ietf.org>
To: bert hubert <bert.hubert@powerdns.com>
References: <20181119100954.GA6704@server.ds9a.nl> <5BE15B68-1C61-4462-AE84-901E2CF0F9F9@icann.org> <20181119151209.GC11506@server.ds9a.nl>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/VdgYlw1rqAdzWgeNsl67LEahZa4>
Subject: Re: [Doh] [Ext] DNS over HTTP/3?
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2018 19:18:31 -0000


> On Nov 19, 2018, at 7:12 , bert hubert <bert.hubert@powerdns.com> wrote:
> 
> My personal observation is that on a slightly bad network, turning off DoH
> speeds up things massively and makes the web useable again.  This naively
> makes sense, DoH uses way more packets and suffers from Head of Line
> blocking, unlike plain DNS.


Wouldn’t comparing to DNS-over-TLS be a more relevant/fair comparison?

DoH makes sense, I believe, if you need a long-lived/persistent connection because we get to take advantage of improvements in HTTP/3, etc, without “extra DNS work”.

If you don’t need a session (or encryption) or compare with clients that don’t, that’s never going to look favorable.

Many new DNS features require a session so as those gain adoption DoH should look more favorable.


Ask