Re: [Resolverless-dns] Paper on Resolver-less DNS

Joe Abley, Wed, 04 September 2019 15:10 UTC


On 4 Sep 2019, at 10:50, Viktor Dukhovni wrote:

> That said, browsers do DNS lookups in parallel, and the user's
> resolver will often already have the answers in its cache.  Is the
> resulting reduction in latency really worth the added complexity
> and potential risks?

I think the context here should usefully be those sophisticated web pages that operate using large numbers of unique names whose only purpose relates to a particular (user, application) pair, and in some cases only have a single-time use (for which caching is just a waste of RAM).

Many single-use names have low or zero TTLs in order to signal that they should not be cached, but many caches impose local policy on minimum TTLs and hence they are cached anyway. The impact on caches can be significant [Dagon]. The queries have been observed to continue to circulate through the DNS globally, regardless of their intended single-use [Huston].

I think it's straightforward to imagine that much, perhaps most, of the world's web content would not load more quickly/reliably/pleasingly just because of the introduction of resolverless DNS. However, scale matters and in a world of elephants and mice, the effect on the small number of elephants might matter more than the lack of effect on the rodents.