Re: [Resolverless-dns] Paper on Resolver-less DNS

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 04 September 2019 14:50 UTC

Date: Wed, 04 Sep 2019 10:50:18 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: resolverless-dns@ietf.org
Message-ID: <20190904145018.GO70599@straasha.imrryr.org>
Reply-To: resolverless-dns@ietf.org
References: <54892F22-27E4-4444-9CC8-2D9E84A9668F@dukhovni.org> <4ec7dd1d-e914-0adb-4240-296f2f762b5f@informatik.uni-hamburg.de> <ADC6E119-0EED-4990-A975-F594C9282872@dukhovni.org> <64650d58-924f-c0f3-d181-614d59527477@informatik.uni-hamburg.de> <20190830053023.GE90696@straasha.imrryr.org> <f81ec73d-879e-0427-e11b-0973e01034c3@informatik.uni-hamburg.de> <20190902213241.GI70599@straasha.imrryr.org> <88cef6e4-73bd-7324-8509-a1acbd77750e@informatik.uni-hamburg.de> <CA+nkc8CLO7TwB1zFstjSCGNBvWUaBX1E2uvBQOkSMEAmFxP3yA@mail.gmail.com> <726fa997-8b7c-495e-623a-ccb299e36c1f@informatik.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <726fa997-8b7c-495e-623a-ccb299e36c1f@informatik.uni-hamburg.de>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/8wTna1lmnKHlY5wf1ZrnUWnZjbQ>
Subject: Re: [Resolverless-dns] Paper on Resolver-less DNS

On Wed, Sep 04, 2019 at 03:51:55PM +0200, Erik Sy wrote:

> > What else could it mean?
> 
> Note that the retrieval of a popular website requires on average
> connections to about 20 different hostnames. Thus, if the first
> connection to an average website provides you the DNS records for the
> remaining 19 hostnames then using resolver-less DNS can save up to 19
> traditional DNS lookups.

A more conservative "scope" for any such address hints would be to
limit them to just the display of the current "location" (web
page).  When the browser navigates to a new page, any such cache
should be flushed.  This should include navigation via links on the
page.  Only the retrieval of resources needed to display the current
page would then make use of any returned addresses.

Many users re-use existing tabs to navigate to new sites independent
of the one previously displayed in the tab.

Some of the concerns I have raised are ameliorated if the scope of
the returned addresses is limited to just the page being displayed.
That way, one perhaps gets faster loading of images, Javascript
(and advertisements, if not blocked).

That said, browsers do DNS lookups in parallel, and the user's
resolver will often already have the answers in its cache.  Is the
resulting reduction in latency really worth the added complexity
and potential risks?

-- 
	Viktor.
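The page-scoped lifetime for address hints that Viktor describes above, as an added illustration that is not code from this thread or from any browser: hints received while a location is displayed are usable only for fetches issued by that same page, and every navigation (including following a link in the page, or reusing the tab for an unrelated site) discards them. The class name, the sample URLs and the 192.0.2.0/24 and 2001:db8::/32 addresses are constructed for the example.

```javascript
"use strict";

// Added example: address hints whose lifetime is bound to the page that
// supplied them. Nothing here is from the thread or from any browser.
class PageScopedHintCache {
  constructor() {
    this.currentPage = null;   // URL of the document currently displayed
    this.hints = new Map();    // hostname -> array of address strings
  }

  // Called when the browser commits a navigation. Every hint received while
  // displaying the previous location is flushed, whatever the new one is.
  navigate(pageUrl) {
    this.currentPage = pageUrl;
    this.hints.clear();
  }

  // Store hints delivered over the connection to `sourcePage`. Hints are
  // accepted only for the page currently displayed; a hint that arrives
  // late, for a page the user has already left, is dropped.
  add(sourcePage, hostname, addresses) {
    if (sourcePage !== this.currentPage) return false;
    this.hints.set(hostname.toLowerCase(), [...addresses]);
    return true;
  }

  // Look up a hint for a subresource fetch. `forPage` is the page issuing
  // the fetch; hints are never handed to a different page, so a lookup from
  // a stale page object after navigation also gets nothing.
  resolve(forPage, hostname) {
    if (forPage !== this.currentPage) return null;
    const found = this.hints.get(hostname.toLowerCase());
    return found ? [...found] : null;
  }
}

// Walks through the life cycle with constructed sample data and returns the
// observations so they can be checked.
function demoScopedHints() {
  const cache = new PageScopedHintCache();
  const pageA = "https://example.com/index.html";   // constructed sample URL
  const pageB = "https://example.net/other.html";   // constructed sample URL

  cache.navigate(pageA);
  // Constructed sample hint: the first connection to pageA carries addresses
  // for a static-asset host that the page needs.
  const accepted = cache.add(pageA, "static.example.com",
                             ["192.0.2.10", "2001:db8::10"]);
  const whileOnA = cache.resolve(pageA, "static.example.com");

  // Navigating away (a link on the page, or an unrelated URL typed into the
  // same tab) must flush everything, even if the hostname is still wanted.
  cache.navigate(pageB);
  const afterNav = cache.resolve(pageB, "static.example.com");

  // A hint that arrives for the page we already left is ignored.
  const lateHint = cache.add(pageA, "static.example.com", ["192.0.2.10"]);

  // Returning to pageA does not resurrect the earlier hint; it must be
  // re-supplied by the new connection to that page.
  cache.navigate(pageA);
  const backOnA = cache.resolve(pageA, "static.example.com");

  return { accepted, whileOnA, afterNav, lateHint, backOnA };
}
```

The flush on every navigation is deliberately coarse: it trades the cross-page reuse that the paper's "19 lookups saved" figure relies on for the property that no site can seed addresses the browser will later use for an unrelated site in the same tab.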