Re: [Doh] DNS over HTTP/3?

"Ralf Weber" <> Mon, 19 November 2018 11:01 UTC

From: "Ralf Weber" <>
To: "bert hubert" <>
Date: Mon, 19 Nov 2018 12:01:01 +0100
List-Id: DNS Over HTTPS <>


On 19 Nov 2018, at 11:09, bert hubert wrote:
> I've observed that the thousands of users of (I also do not know how this
> happened) take around 22 packets per DNS query/response.
Wow. Good for manufacturers of 10GB Ethernet cards ;-).

> Larger scale adoption of TLSv1.3 might improve this somewhat, but it is a
> big number.
> I've also personally observed that a "slightly suboptimal" network
> absolutely kills browsing performance in Firefox Nightly using DoH. A naive
> calculation shows that 0.5% packet loss turns into a 5% failure rate per DoH
> query, which then can cause Head of Line blocking for further queries, which
> cascades into "blank pages" getting rendered.
Hmm, resolves to one IP address while resolves to two IP addresses. Not sure if
that would make a difference as I don’t know what the Mozilla stub does. I also
didn’t find anything in the RFC wrt the failure/failover behaviour other than
that DoH follows standard HTTP mechanisms, but I have no idea what that means
for unresponsive servers, and more importantly, when a server is declared
unresponsive.

> And, perhaps somewhat more provocatively, should we maybe not start pushing
> DoH/2 if it leaves people with a sub-standard experience, causing them to
> disable DoH? DoH/3 might be somewhat of a wait but it might prevent that
> sour taste from developing.
Maybe there is a need for a dohop (DNS over HTTP Operations) working group. I
think there are still a lot of unknowns in the operations of DoH clients and
servers, but the same is true for regular DNS and I’ve been working on that
for decades now. Maybe a draft or some measurements would also help to get a
discussion started.

So long
Ralf Weber
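The "naive calculation" quoted above, worked through as an added example that is not part of the thread: it turns a per-packet loss rate into a per-query hit rate and then shows how head-of-line blocking on a shared HTTP/2 TCP connection multiplies that rate across concurrent queries, where HTTP/3 streams would not. The 22 packets and 0.5% loss come from the thread; independent losses, the batch of parallel queries per page, the all-or-nothing stall model, and the 10-packet loss-sensitive subset are assumptions.

```python
"""Added model: how per-packet loss becomes per-query failure and
head-of-line (HoL) blocking for DoH over HTTP/2 versus HTTP/3.

Assumptions (not from the thread): packet losses are independent, a query
is 'hit' when any packet on its loss-sensitive path is lost, a page issues
`inflight` DoH queries in parallel on one connection, over TCP (HTTP/2) one
hit stalls every query in that batch, and over QUIC (HTTP/3) a hit stalls
only the query that owns the lost packet.
"""
import random

PACKETS_PER_QUERY = 22  # packets per DoH query/response observed in the thread
LOSS_RATE = 0.005       # the 0.5% packet-loss figure from the thread


def p_query_hit(p_loss: float, packets: int) -> float:
    """Probability that at least one of `packets` independent packets is lost
    (the thread's 'naive calculation')."""
    return 1.0 - (1.0 - p_loss) ** packets


def p_query_delayed(p_loss: float, packets: int, inflight: int, hol_blocking: bool) -> float:
    """Closed-form probability that one query is delayed by loss.

    With HoL blocking (HTTP/2 over TCP) the query shares one ordered byte
    stream with the other inflight-1 queries, so a loss on any of the
    inflight*packets packets delays it; without (HTTP/3) only its own count."""
    exposed = packets * inflight if hol_blocking else packets
    return p_query_hit(p_loss, exposed)


def simulate_delayed_fraction(p_loss, packets, inflight, batches, hol_blocking, seed=1):
    """Monte Carlo cross-check of p_query_delayed: `batches` page loads, each
    issuing `inflight` parallel queries; returns the fraction of queries delayed."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    delayed = 0
    for _ in range(batches):
        hits = [any(rng.random() < p_loss for _ in range(packets)) for _ in range(inflight)]
        delayed += inflight if (hol_blocking and any(hits)) else sum(hits)
    return delayed / (batches * inflight)


if __name__ == "__main__":
    for packets in (10, PACKETS_PER_QUERY):  # 10 = assumed loss-sensitive subset
        print(f"{packets:2d} packets, 0.5% loss -> {p_query_hit(LOSS_RATE, packets):.1%} of queries hit")
    for hol, name in ((True, "HTTP/2 (HoL)"), (False, "HTTP/3")):
        closed = p_query_delayed(LOSS_RATE, PACKETS_PER_QUERY, 6, hol)
        sim = simulate_delayed_fraction(LOSS_RATE, PACKETS_PER_QUERY, 6, 4000, hol)
        print(f"{name:13s}: 6 parallel queries, closed form {closed:.1%}, simulated {sim:.1%}")
```

With all 22 packets exposed the formula gives roughly 10% of queries hit; the 5% figure in the thread corresponds to about 10 loss-sensitive packets per query.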