Re: [Resolverless-dns] Load-balancing concerns

Dave Lawrence <> Thu, 08 November 2018 07:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5CFB7130DC2 for <>; Wed, 7 Nov 2018 23:04:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MARKETING_PARTNERS=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SQDrmjMJMMAe for <>; Wed, 7 Nov 2018 23:04:51 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6D8981294D7 for <>; Wed, 7 Nov 2018 23:04:51 -0800 (PST)
Received: by (Postfix, from userid 102) id EF8A6328A5; Thu, 8 Nov 2018 02:04:48 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <>
Date: Thu, 8 Nov 2018 02:04:48 -0500
From: Dave Lawrence <>
In-Reply-To: <>
References: <> <> <>
Archived-At: <>
Subject: Re: [Resolverless-dns] Load-balancing concerns
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Resolverless DNS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Nov 2018 07:04:52 -0000

manu tman writes:
> Except that it will be based on the IP of the DoH server and not the
> resolver of the client,

Right, as I said (or thought I said).

> which in most cases will be more representative of the actual
> network location (ISP or subnets of ISP) of the client.

I question the validity of this assertion.  It seems to be making a
huge assumptive leap about where the server providing the records is
and what its network relationship to any given client is, and
completely discounting typical resolver locality.  "in most cases"
will need some data to support it, and it's way too early in the brave
new DoH world to have good data on that.

Personally I expect DoH to be used in a variety of environments, not
just by the biggest providers with worldwide footprints.

> The DoH server will most likely be mapped to the best location for
> the majority of the clients using the service

Who said the DoH server is getting mapped at all, or has any locality
to the additional resources it is trying to provide access to?

Imagine a pretty reasonable set up where some website which only has a
handful of deployments, say a couple in North America and a couple in
Europe, wants to point records for one of its partners which actually
has a much broader footprint.  An Asian client connected to one of the
North American data centers and getting American-mapped answers when
the partner site would much rather have preferred you be using one of
their Asian installations if only you'd asked through normal DNS.

That's just the simple case of network-performance mapping anyway, and
completely ignores other mapping