Re: QUIC re-chartering: include DNS-over-QUIC?

[Erik Nygren <erik+ietf@nygren.org>]

Martin summarizes well below.  What changes things is the need for an
encrypted+authenticated transport.
If we could stick with DNS-over-53 (TCP and UDP) then QUIC buys us
nothing.  But if our choices are:

* DoH
* DoTLS
* DoDTLS
* DoQUIC
* Do{SomethingBespoke}

then from a large-scale server operator perspective DoQ has lots going for
it.
There was a good comparison of some of these for what they mean from a
protocol
stack elements perspective in DPRIVE.

Especially for operators who will be building QUIC support into Load
Balancers,
Anycast forwarders, and the like for HTTP/3, it would be great to be able
to reuse some of this for DNS as well.  QUIC has nice features that may
make it easier
to operate than DoTLS or DoDTLS, and DTLS is a weird worst-of-all-worlds
for people
already operating TLS-over-TCP and QUIC at scale.  And for
recursive-to-authoritative I don't see
that DoH buys us the complexity it adds.

    Erik



On Mon, Apr 13, 2020 at 10:17 PM Martin Thomson <mt@lowentropy.net> wrote:

> Hi Paul,
>
> These are good topics to talk through.
>
> On Sun, Apr 12, 2020, at 09:46, Paul Vixie wrote:
> > you're assuming that the loss isn't self-induced. sometimes slowing down
> is
> > exactly what's needed. for example when a busy full resolver has a queue
> of
> > hundreds or thousands of requests to be sent to a zone authority, rate
> > limiting of UDP is necessary to prevent a meltdown. bandwidth is finite.
> we
> > sometimes load-balance toward several of a zone's authority servers even
> > including those known to not have low-ish RTT, just to avoid flooding
> one of
> > them, or to avoid flooding our nearby links. moving to QUIC won't help
> with
> > any of that.
>
> I guess it depends on what resource you are attempting to preserve.
>
> The goal of a congestion controller is to avoid over-saturating the
> network.  But most controllers still assume that you still want saturation
> of a kind.  QUIC likely doesn't do anything to help here, unless you think
> that having a stateful context with good feedback about loss and delay is
> useful.  It seems like something far less sophisticated is what you are
> imagining.
>
> If the goal is instead to avoid overloading a receiver, then QUIC
> definitely can help.  The flow control mechanisms in QUIC (limits on
> streams, per-stream limits on bytes) are all designed to avoid this
> situation by putting the receiver more in control.  If a resolver is busy
> handling lots of traffic and you want to avoid swamping it further with
> zone transfers or similar, then these flow control options allow it to
> limit the resources it has to commit to different connections. (Of course,
> that reduces the problem to the previously-unsolved one of prioritizing
> competing interests.)
>
> If you have good flow control, you might not have to worry about the
> effect on congestion beyond choosing an appropriately-aggressive controller.
>
> > > * Faster resumption and 0RTT behaviors (although you get some of these
> with
> > > TFO + TLS 1.3 0RTT).  But this substantially reduces the performance
> impact
> > > when new connections need to be established.
> >
> > in DNS, new connections rarely need to be established. the reason RFC
> 6013
> > permitted connections to go into a quiet (resumable) state
>
> The resumption part is interesting in this context.  It depends on what
> you mean by "resume".
>
> If you imagine very long periods of quiescence, but with (full) retention
> of state at endpoints, then QUIC should work.  Using connection IDs might
> mean that you can keep using a connection even in the presence of address
> translation.
>
> That's different than what TLS and QUIC refer to as "resumption", which is
> the feature that allows you to make new connections (more) cheaply.  QUIC
> does a lot to improve that, because the web needs it.  Maybe DNS will also
> benefit from that, but it might be that you can just use very long-lived
> connections instead.  I would recommend a regimen of key updates for that,
> but that's not critical.
>
> Transport people keep saying that you can't save the congestion window.
> But then I keep seeing that people do and nothing much breaks, so I guess
> this debate will just continue.
>
> > while it's theoretically possible to share DNS cookie state (RFC 7873)
> across
> > many instances of DNS Anycast, the cost:benefit of that complexity is
> less
> > compelling than the cost:benefit of having to renegotiate during route
> changes
> > either from mobile-ip or network-in-the-middle attacks. i don't think
> QUIC has
> > different game theory than DNS cookies have in this regard. route
> changes are
> > orders of magnitude less frequent than same-pair reuse, and always must
> be.
>
> You might find that sharing implementations with HTTP servers changes the
> dynamics there, but I don't know if the equivalent QUIC mechanisms are
> fundamentally different.  What I've observed with HTTP is that state is
> shared, sometimes globally, sometimes only at the same location, and
> sometimes not at all.  But I don't operate any of those services, so I
> can't speak to details.
>
> > ....my question seems to stand. if the potential motivations you've
> listed so
> > far were actual, then we'd have had DNS over SCTP decades ago, or
> something
> > like DTLS that actually worked at scale rather than just in a lab, or we
> would
> > have been able to get TCPCT the code point we needed to experiment
> globally,
> > or we would have had UDP options by now.
>
> I think that my answer immediately above speaks to the potential
> difference here.  Wide deployment of infrastructure that supports the
> protocol might change the system dynamics sufficiently to make it
> worthwhile for DNS to use the new protocol.  I don't think that this is
> certain, but I also don't think that this is a question of serving QUIC
> more than it is serving DNS.
>
> As you say, DNS has its own version of many (or all) of the same
> capabilities we're talking about.  It has them because it needs them.  The
> amount of operational experience with those capabilities is far greater
> than the experience people have with QUIC, and that will remain the case
> for a good while (read: more than 3 years, possibly quite a bit more).
>
> However, if QUIC does manage to see wider adoption, it could be that the
> benefits of sharing infrastructure and experience is worthwhile.  Laying
> the groundwork for that possibility isn't necessarily a waste of the time
> of groups like DPRIVE/QUIC.  Recognizing the potential for that work to be
> unwanted is a good check on excessive ambition though.
>
> I personally think that there is value in sharing a better transport
> layer, but the costs are pretty significant.  Even if you believe that
> there is some utopian end state in which everything uses the same protocol,
> the short- and medium-term costs are carrying around multiple protocols,
> some of which are awkwardly incompatible.
>
>