Re: [Doh] DNS over HTTP/3?

"Ralf Weber" <dns@fl1ger.de> Mon, 19 November 2018 11:01 UTC

Return-Path: <dns@fl1ger.de>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59F31127133 for <doh@ietfa.amsl.com>; Mon, 19 Nov 2018 03:01:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_0vPLjf7rBJ for <doh@ietfa.amsl.com>; Mon, 19 Nov 2018 03:01:05 -0800 (PST)
Received: from smtp.guxx.net (smtp.guxx.net [IPv6:2a01:4f8:a0:322c::25:42]) by ietfa.amsl.com (Postfix) with ESMTP id 7CFD5126CB6 for <doh@ietf.org>; Mon, 19 Nov 2018 03:01:05 -0800 (PST)
Received: by nyx.guxx.net (Postfix, from userid 107) id 9951F5F40AFC; Mon, 19 Nov 2018 12:01:04 +0100 (CET)
Received: from [172.19.153.200] (p4FC21989.dip0.t-ipconnect.de [79.194.25.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by nyx.guxx.net (Postfix) with ESMTPSA id 9F0085F40310; Mon, 19 Nov 2018 12:01:02 +0100 (CET)
From: "Ralf Weber" <dns@fl1ger.de>
To: "bert hubert" <bert.hubert@powerdns.com>
Cc: doh@ietf.org
Date: Mon, 19 Nov 2018 12:01:01 +0100
X-Mailer: MailMate (1.12.1r5552)
Message-ID: <2A4EC6B6-4654-4CD2-BAB3-6299E1A65AEB@fl1ger.de>
In-Reply-To: <20181119100954.GA6704@server.ds9a.nl>
References: <20181119100954.GA6704@server.ds9a.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/wYCOa4cFoJQv4wBrWtGaxeOHa84>
Subject: Re: [Doh] DNS over HTTP/3?
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2018 11:01:08 -0000

Moin!

On 19 Nov 2018, at 11:09, bert hubert wrote:
> I've observed that the thousands of users of doh.powerdns.org (I also do not
> know how this happened) take around 22 packets per DNS query/response.
Wow. Good for manufacturers of 10GB ethernet cards ;-).

> Larger scale adoption of TLSv1.3 might improve this somewhat, but it is a
> big number.
>
> I've also personally observed that a "slightly suboptimal" network
> absolutely kills browsing performance in Firefox Nightly using DoH.  A naive
> calculation shows that 0.5% packet loss turns into a 5% failure rate per DoH
> query, which then can cause Head of Line blocking for further queries, which
> cascades into "blank pages" getting rendered.
Hmm, doh.powerdns.org resolves to one IP address while 
mozilla.cloudflare-dns.com resolves to two IP addresses. Not sure if 
that would make a difference as I don't know what the Mozilla stub 
does. I also didn't find anything in the RFC with regard to the 
failure/failover behaviour other than that DoH follows standard HTTP 
mechanisms, but I have no idea what that means for unresponsive servers, 
and more importantly when a server is declared unresponsive.

[…]
> And, perhaps somewhat more provocatively, should we maybe not start pushing
> DoH/2 if it leaves people with a sub-standard experience, causing them to
> disable DoH?  DoH/3 might be somewhat of a wait but it might prevent that
> sour taste from developing.
Maybe there is a need for dohop (DNS over HTTP Operations) working 
group. I think there are still a lot of unknowns in the operations of 
DoH clients and servers, but the same is true for regular DNS and I’ve 
been working on that for decades now. Maybe a draft or some measurements 
would also help to get a discussion started.

So long
-Ralf
-- 
Ralf Weber
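
Added example, not code from this thread, from PowerDNS or from Mozilla: the independent-loss arithmetic behind the "naive calculation" quoted above, plus one possible answer to the open question in the reply of when a stub should stop using a DoH address that has several. The failure threshold, the backoff, the TEST-NET addresses and the stand-in transport are all assumptions made for the example.

```python
"""Added example (not from the thread): per-query loss arithmetic and one
possible failover policy for a stub that has several addresses for a DoH
resolver name. Threshold, backoff and addresses are assumptions."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


def query_failure_probability(packets_per_query: int, packet_loss: float) -> float:
    """Chance that at least one packet on a query's path is lost.

    Treats losses as independent and assumes, as the quoted mail does, that a
    lost packet costs the query its deadline instead of being retransmitted in
    time. Which packets count as "on the path" is the modelling choice.
    """
    return 1.0 - (1.0 - packet_loss) ** packets_per_query


@dataclass
class ServerState:
    address: str
    consecutive_failures: int = 0
    down_until: float = 0.0   # simulated clock value before which the address is skipped


class DohFailover:
    """Choose an address for a DoH server name and track unresponsiveness.

    Policy (an assumption for this example, not something RFC 8484 specifies):
    an address that times out `failure_threshold` times in a row is put into
    backoff for `backoff` seconds; addresses in backoff are only tried after
    every live address has failed, soonest-to-expire first, so the stub never
    declares the whole resolver dead on its own.
    """

    def __init__(self, addresses: List[str], failure_threshold: int = 3, backoff: float = 30.0):
        self.servers = [ServerState(a) for a in addresses]
        self.failure_threshold = failure_threshold
        self.backoff = backoff

    def candidates(self, now: float) -> List[ServerState]:
        live = [s for s in self.servers if s.down_until <= now]      # configured order
        down = sorted((s for s in self.servers if s.down_until > now),
                      key=lambda s: s.down_until)
        return live + down

    def report(self, server: ServerState, ok: bool, now: float) -> None:
        if ok:
            server.consecutive_failures = 0
            server.down_until = 0.0
            return
        server.consecutive_failures += 1
        if server.consecutive_failures >= self.failure_threshold:
            server.down_until = now + self.backoff

    def resolve(self, transport: Callable[[str], Optional[bytes]],
                now: float) -> Tuple[Optional[bytes], List[str]]:
        """Try addresses until one answers; returns (answer, addresses tried).

        `transport(address)` stands in for the HTTPS exchange and returns the
        DNS message, or None when the request timed out.
        """
        tried: List[str] = []
        for server in self.candidates(now):
            tried.append(server.address)
            answer = transport(server.address)
            self.report(server, answer is not None, now)
            if answer is not None:
                return answer, tried
        return None, tried


# Constructed stand-in transport: the first address always times out, the second answers.
def flaky_transport(address: str) -> Optional[bytes]:
    return {"192.0.2.1": None, "192.0.2.2": b"\x00\x00\x81\x80"}.get(address)


def run_demo() -> List[Tuple[float, bool, List[str]]]:
    """Drive the failover over a few simulated seconds; returns (time, answered, tried)."""
    fo = DohFailover(["192.0.2.1", "192.0.2.2"], failure_threshold=3, backoff=30.0)
    history = []
    for now in (0.0, 1.0, 2.0, 3.0, 40.0):
        answer, tried = fo.resolve(flaky_transport, now)
        history.append((now, answer is not None, tried))
    return history


if __name__ == "__main__":
    p = query_failure_probability(22, 0.005)
    print(f"22 packets at 0.5% loss: {p:.1%} of exchanges see at least one loss")
    for now, ok, tried in run_demo():
        print(f"t={now:>4}: answered={ok} tried={tried}")
```

In the demo the dead address is tried before the good one for the first three queries, is then skipped once it has timed out three times in a row, and is probed again only after its backoff has expired. Note that the independent-loss formula gives roughly 10% for 22 packets at 0.5% loss and roughly 5% for about 10 packets, so the figure depends on how many packets are counted as being on a query's critical path.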