Re: [Resolverless-dns] Load-balancing concerns

manu tman <> Thu, 08 November 2018 07:35 UTC

From: manu tman <>
Date: Thu, 8 Nov 2018 14:35:33 +0700
To: Dave Lawrence <>

On Thu, Nov 8, 2018 at 2:04 PM Dave Lawrence <> wrote:

> manu tman writes:
> > Except that it will be based on the IP of the DoH server and not the
> > resolver of the client,
> Right, as I said (or thought I said).

It was not clear to me; you mentioned it would be resolver-based but this
resolver is now unrelated to the original resolver. I may have missed the

> > which in most cases will be more representative of the actual
> > network location (ISP or subnets of ISP) of the client.
> I question the validity of this assertion.  It seems to be making a
> huge assumptive leap about where the server providing the records is
> and what its network relationship to any given client is, and
> completely discounting typical resolver locality.  "in most cases"
> will need some data to support it, and it's way too early in the brave
> new DoH world to have good data on that.

I am referring to the recursive resolver of the original client, not the
DoH server that would now return records. Before resolverless, you would
return answers based on the client's recursive resolver IP (which I assume is
somewhat "close" to the end user, but I don't have data to back this up).
With resolverless DNS, it would be based on the IP of the DoH server
(or the recursive resolver used by that one).

> Personally I expect DoH to be used in a variety of environments, not
> just by the biggest providers with worldwide footprints.
> > The DoH server will most likely be mapped to the best location for
> > the majority of the clients using the service
> Who said the DoH server is getting mapped at all, or has any locality
> to the additional resources it is trying to provide access to?
> Imagine a pretty reasonable set up where some website which only has a
> handful of deployments, say a couple in North America and a couple in
> Europe, wants to point records for one of its partners which actually
> has a much broader footprint.  An Asian client connected to one of the
> North American data centers and getting American-mapped answers when
> the partner site would much rather have preferred you be using one of
> their Asian installations if only you'd asked through normal DNS.

This is what I wanted to say and failed at apparently. I did not mean to
contradict your statement, but rather support it.
That being said, chances are that if the majority of the users that use the
first North American server are actually Asian users, chances are the
effect will be that North American users will end up being sent to the
Asian servers of the second site instead of the North American one. As you
said, this is network performance mapping, not geo locality.

> That's just the simple case of network-performance mapping anyway, and
> completely ignores other mapping
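
The mapping effect debated in this thread, as an added example that is not part of either poster's message: a toy authoritative server maps each query to a partner site by the query source, first in the Asian-client scenario and then with performance mapping over the population seen behind one DoH server. The region names, RTT values, user counts and function names are constructed assumptions.

```python
# Constructed model: regions, RTTs and populations are illustrative assumptions,
# not measurements and not taken from the thread.
RTT_MS = {
    ("asia", "asia"): 20, ("na", "na"): 20, ("eu", "eu"): 20,
    ("asia", "na"): 160, ("asia", "eu"): 220, ("na", "eu"): 90,
}
PARTNER_SITES = ["asia", "na", "eu"]   # partner with the broader footprint


def rtt(a, b):
    """Round-trip time between two regions (symmetric lookup)."""
    return RTT_MS[(a, b)] if (a, b) in RTT_MS else RTT_MS[(b, a)]


def map_by_source(source_region):
    """Authoritative mapping keyed on the query source: nearest partner site."""
    return min(PARTNER_SITES, key=lambda site: rtt(source_region, site))


def classic_answer(client_region):
    """Normal DNS: the partner sees the client's recursive resolver,
    assumed here to sit in the client's own region."""
    return map_by_source(client_region)


def resolverless_answer(doh_region):
    """Resolverless DNS: the partner sees the website's DoH server
    (or the resolver that server uses), never the client."""
    return map_by_source(doh_region)


def performance_mapped(users_behind_source):
    """Performance mapping: choose the site with the lowest total RTT for
    the user population observed behind a single source IP."""
    def cost(site):
        return sum(n * rtt(region, site) for region, n in users_behind_source.items())
    return min(PARTNER_SITES, key=cost)


if __name__ == "__main__":
    # Asian client served records by the website's North American DoH server.
    for label, site in (("classic", classic_answer("asia")),
                        ("resolverless", resolverless_answer("na"))):
        print(f"{label:12s} -> partner site {site}, client RTT {rtt('asia', site)} ms")
    # Mostly Asian users behind the North American server: the minority pays.
    site = performance_mapped({"asia": 80, "na": 20})
    print(f"perf-mapped  -> partner site {site}, NA client RTT {rtt('na', site)} ms")
```
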