Re: [Doh] DoT and DoH at Cambridge

Tony Finch <dot@dotat.at> Thu, 06 September 2018 10:32 UTC

Date: Thu, 06 Sep 2018 11:32:51 +0100
From: Tony Finch <dot@dotat.at>
To: Erik Kline <ek=40google.com@dmarc.ietf.org>
cc: doh@ietf.org, dprive@ietf.org
In-Reply-To: <CAAedzxpM=+TtH0wEyePWXLFKtgeFxkYpYyvCjz+aeG6PLrzV2g@mail.gmail.com>
Message-ID: <alpine.DEB.2.20.1809061116410.5965@grey.csi.cam.ac.uk>
References: <alpine.DEB.2.20.1809061011520.5965@grey.csi.cam.ac.uk> <CAAedzxpM=+TtH0wEyePWXLFKtgeFxkYpYyvCjz+aeG6PLrzV2g@mail.gmail.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/XbAev46KrPdedKgelwa9hAxApDA>
Subject: Re: [Doh] DoT and DoH at Cambridge
List-Id: DNS Over HTTPS <doh.ietf.org>

Erik Kline <ek=40google.com@dmarc.ietf.org> wrote:
>
> Ben Schwartz can comment further on whether there's an experiment
> ongoing or not.  However, these kinds of queries are also used by the
> DoT code in Pie to help validate whether the DoT answering thing
> actually speaks DNS (as opposed to someone's random webserver they
> left running or whatnot). I wouldn't have necessarily expected the
> disparity between dnsotls queries and actual subsequent DoT traffic.
> Hmm...

Yes, I thought at first that they were "tap tap tap is this thing on?"
queries but the lack of followup real queries made me think otherwise.

I'm looking again now and there's a lot more real traffic, so it must have
been just the time of day (early evening) when I was examining the traffic
yesterday, which gave a misleadingly low volume of traffic.

I should not be so quick to make inferences from too little data :-)

At the moment there's a roughly 1:10 ratio of probe queries to real
queries; a typical TLS session is 30-40 milliseconds.

Thanks for prompting me to look again!

(X-proxied-for support would make this a bit easier...)

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
democracy, participation, and the co-operative principle
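The "is this thing on?" probe discussed above is a plain DNS query carried over TLS, and the client only needs to confirm that what comes back is a DNS reply to that query rather than, say, an HTTP error from a stray webserver. The following is an added example, not code from the post or from Android: it builds the probe in RFC 1035 wire format, applies the RFC 7858 two-byte length framing, and validates a reply by transaction ID, QR bit and echoed question. The probe name is what I believe Android Pie queries, stated here as an assumption; the server-side check runs offline, and only probe_dot() needs a network.

```python
import socket
import ssl
import struct
import secrets
from typing import Optional, Tuple

# Assumption: the name Android Pie's DoT validation query asks for.
# Not taken from the mailing-list post, which only calls them "dnsotls queries".
PROBE_NAME = "dnsotls-ds.metric.gstatic.com"


def build_query(qname: str, qtype: int = 1, qid: Optional[int] = None) -> bytes:
    """Build a minimal DNS query (RFC 1035 wire format): header + one question."""
    if qid is None:
        qid = secrets.randbelow(1 << 16)
    # flags 0x0100 = RD set; QDCOUNT=1, AN/NS/AR = 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def frame_tcp(msg: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def looks_like_dns_answer(query: bytes, response: bytes) -> Tuple[bool, str]:
    """Does `response` look like a DNS reply to `query`?

    Any RCODE is accepted: NXDOMAIN or REFUSED still proves the far end
    speaks DNS, which is all the probe is trying to establish.
    """
    if len(response) < 12:
        return False, "short response"
    rid, flags, qdcount = struct.unpack("!HHH", response[:6])
    if rid != struct.unpack("!H", query[:2])[0]:
        return False, "id mismatch"
    if not flags & 0x8000:
        return False, "QR bit not set"
    question = query[12:]
    if qdcount != 1 or response[12:12 + len(question)] != question:
        return False, "question not echoed"
    return True, "ok (rcode %d)" % (flags & 0x000F)


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def probe_dot(host: str, port: int = 853, timeout: float = 5.0) -> Tuple[bool, str]:
    """Send the probe over TLS to host:853 and validate the reply (needs network)."""
    query = build_query(PROBE_NAME)
    ctx = ssl.create_default_context()  # verifies the server certificate against host
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame_tcp(query))
            length = struct.unpack("!H", _recv_exact(tls, 2))[0]
            response = _recv_exact(tls, length)
    return looks_like_dns_answer(query, response)
```

On the server side, a resolver operator can separate these probes from real traffic by QNAME, which is the split the ratio in the message above is based on.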