--- Begin Message ---
Just following up on this.  This issue was narrowed down to a need to increase 
the entropy threshold on Chrome’s DNS source port logic on Windows 10 and 11 to 
prevent the built-in DNS client from falling back to TCP.  This impacts all 
Chromium-based browsers and the fix can be found here:

Chrome Bug tracking this issue:

https://bugs.chromium.org/p/chromium/issues/detail?id=1413620

Fix (a one-liner) can be found here:

https://chromium.googlesource.com/chromium/src/+/59d686c1417b5aea7b1d94a28bac45d8d8f26fe0

This looks like the fix will be added in Chrome 112 or 113.

Thanks,

Adam Casella | Solutions Architect
Infoblox | infoblox.com
914.953.8571

From: dns-operations <[email protected]> on behalf of 
[email protected] <[email protected]>
Date: Friday, March 17, 2023 at 5:02 AM
To: [email protected] <[email protected]>
Subject: dns-operations Digest, Vol 206, Issue 7

Today's Topics:

   1. Re: Increase in DNS over TCP from Chrome Browser on Windows
      11 (David Zych)


----------------------------------------------------------------------

Message: 1
Date: Thu, 16 Mar 2023 11:57:00 -0500
From: David Zych <[email protected]>
To: "[email protected]"
        <[email protected]>
Subject: Re: [dns-operations] Increase in DNS over TCP from Chrome
        Browser on Windows 11
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 3/15/23 11:29, Adam Casella wrote:
> It seems that Chrome is leveraging 1 TCP session per DNS query to prevent 
> tracking of the DNS traffic, which unfortunately does not take advantage of 
> TCP pipelining/multiplexing or out-of-order TCP DNS responses over a single 
> TCP stream.

Hi Adam, thanks for sharing this!

We definitely noticed a dramatic increase in TCP DNS requests circa Mon 
2022-11-07, for which I'm grateful to finally have a plausible explanation.

The use of 1 TCP session per query is especially significant because our 
recursive resolvers have iptables rules designed to prevent them from being 
monopolized by a single misbehaving client, which includes limiting the number 
of parallel inbound 53/tcp connections per client IP.  The sudden increase in 
throttling by that particular iptables rule was quite a surprise.

Thanks,
David

--
David Zych (he/him)
Lead Network Service Engineer

University of Illinois Urbana-Champaign
Office of the Chief Information Officer
Technology Services

Under the Illinois Freedom of Information Act any written communication to or 
from university employees regarding university business is a public record and 
may be subject to public disclosure.



--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
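
Added example, not part of the original thread and not the iptables rule David describes: a check an operator could run over 53/tcp flow records to see which clients a per-IP parallel-connection cap would throttle. The record format, the sample addresses and the limit value are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records for inbound 53/tcp connections:
# (client_ip, open_time_s, close_time_s). Not real traffic.
SAMPLE_FLOWS = [
    # One TCP session per DNS query, opened in a burst (the pattern in the thread).
    ("192.0.2.10", 0.00, 0.30),
    ("192.0.2.10", 0.01, 0.31),
    ("192.0.2.10", 0.02, 0.29),
    ("192.0.2.10", 0.03, 0.35),
    ("192.0.2.10", 0.04, 0.33),
    # A single long-lived connection carrying many queries.
    ("192.0.2.20", 0.00, 5.00),
    # One connection per query, but strictly sequential.
    ("192.0.2.30", 0.00, 0.20),
    ("192.0.2.30", 0.20, 0.40),
]


def peak_concurrency(flows):
    """Return {client_ip: maximum number of simultaneously open connections}."""
    events = defaultdict(list)
    for ip, opened, closed in flows:
        events[ip].append((opened, 1))
        events[ip].append((closed, -1))
    peaks = {}
    for ip, evs in events.items():
        # At equal timestamps process closes (-1) before opens (+1), so
        # back-to-back connections are not counted as overlapping.
        evs.sort()
        open_now = peak = 0
        for _, delta in evs:
            open_now += delta
            peak = max(peak, open_now)
        peaks[ip] = peak
    return peaks


def would_be_throttled(flows, limit):
    """Clients whose peak exceeds `limit`, a hypothetical per-IP cap."""
    return sorted(ip for ip, p in peak_concurrency(flows).items() if p > limit)


if __name__ == "__main__":
    for ip, peak in sorted(peak_concurrency(SAMPLE_FLOWS).items()):
        print(f"{ip}: peak {peak} parallel 53/tcp connections")
    print("over a cap of 4:", would_be_throttled(SAMPLE_FLOWS, 4))
```

Run against real flow or conntrack exports before and after a browser rollout, the per-client peak shows whether a given cap separates misbehaving clients from ordinary browsers that open one connection per query.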
