On 3/15/23 11:29, Adam Casella wrote:
> It seems that Chrome is leveraging 1 TCP session per DNS query to prevent tracking of the DNS traffic, which unfortunately does not take advantage of TCP pipelining/multiplexing or out-of-order TCP DNS responses over a single TCP stream.
Hi Adam, thanks for sharing this!

We definitely noticed a dramatic increase in TCP DNS requests circa Mon 2022-11-07, for which I'm grateful to finally have a plausible explanation.

The use of 1 TCP session per query is especially significant because our recursive resolvers have iptables rules designed to prevent them from being monopolized by a single misbehaving client, which includes limiting the number of parallel inbound 53/tcp connections per client IP. The sudden increase in throttling by that particular iptables rule was quite a surprise.

Thanks,
David

--
David Zych (he/him)
Lead Network Service Engineer
University of Illinois Urbana-Champaign
Office of the Chief Information Officer
Technology Services

Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
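The throttling effect described in this reply, as an added example that is not code from either poster or the list: a sweep over a constructed 53/tcp connection-event feed that computes each client IP's peak number of simultaneous connections and flags the ones above a per-IP limit, which is the quantity a per-client parallel-connection rule keys on. The feed format, the two client addresses and the limit of 3 are assumptions made up for the illustration.

```python
from collections import defaultdict

# Constructed connection-event feed for a recursive resolver (not real data), one
# line per 53/tcp connection event: "<t_seconds> <client_ip> open|close".
# 198.51.100.10 follows the one-TCP-connection-per-query pattern;
# 198.51.100.20 sends its queries over a single long-lived connection.
SAMPLE_EVENTS = """
0.000 198.51.100.10 open
0.001 198.51.100.10 open
0.002 198.51.100.10 open
0.003 198.51.100.10 open
0.030 198.51.100.10 close
0.031 198.51.100.10 close
0.032 198.51.100.10 close
0.033 198.51.100.10 close
0.000 198.51.100.20 open
0.120 198.51.100.20 close
"""

def parse_events(text):
    """Parse the feed into (time, ip, kind); at equal times a close sorts before an open."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, ip, kind = line.split()
        if kind not in ("open", "close"):
            raise ValueError(f"unknown event kind {kind!r}")
        events.append((float(ts), ip, kind))
    return sorted(events, key=lambda e: (e[0], e[2] == "open"))

def peak_concurrency(events):
    """Sweep the events; return each client's peak simultaneous 53/tcp connections."""
    current, peak = defaultdict(int), defaultdict(int)
    for _, ip, kind in events:
        if kind == "open":
            current[ip] += 1
            peak[ip] = max(peak[ip], current[ip])
        else:
            current[ip] = max(0, current[ip] - 1)  # tolerate a close with no open
    return dict(peak)

def clients_over_limit(text, limit):
    """Clients whose peak exceeds the per-IP limit, i.e. those a connlimit-style rule would throttle."""
    return {ip: p for ip, p in peak_concurrency(parse_events(text)).items() if p > limit}

if __name__ == "__main__":
    print(peak_concurrency(parse_events(SAMPLE_EVENTS)))  # {'198.51.100.10': 4, '198.51.100.20': 1}
    print(clients_over_limit(SAMPLE_EVENTS, limit=3))     # {'198.51.100.10': 4}
```

With the same number of queries in flight, only the client that opens a connection per query crosses the limit; the pipelining client never exceeds one.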
