I see two distinct use cases:

1) Web browsing
2) Everything else.

The challenges for (1) are latency, latency and latency.

Shaving 10ms off the response of a browser is very important to the
Web browser team. Folk can argue that it should not be, but that is
the situation.

If we are going to do DNS over TLS then looking at the existing Back
to My Mac protocol makes sense. But the caveat is that does not look
like an application where ultra-low latency is a requirement.

There are two ways to address the latency issue for Web browsing:

1) Design a protocol tuned for ultra-low latency with 1 round trip over UDP.
2) Combine the DNS requests with other data requests that the browser
would make.

Private-DNS takes approach 1
OmniQuery takes approach 1 and 2

Once you decide to combine data feeds, you have changed the protocol
anyway and might as well tune for performance.

On Tue, Nov 11, 2014 at 2:45 PM, Stuart Cheshire <[email protected]> wrote:
> I’m unable to attend the DPRIVE meeting in person because it overlaps with 
> TAPS.
>
> I see on the agenda discussion of items like Private DNS and DNS over TLS.
>
> A historical note: Apple’s Back to My Mac service uses DNS over TLS to 
> provide confidentiality for the queries. This is described in RFC 6281.
>
> The client looks up the SRV record “_dns-query-tls._tcp.example.com” to find 
> the target host and port which will answer DNS-over-TLS queries for the 
> domain “example.com”, and then the client sends subsequent queries for 
> “example.com” names directly there (bypassing the local DNS cache).
>
> Stuart Cheshire
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
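The discovery step Stuart describes (look up the `_dns-query-tls._tcp.<domain>` SRV record, pick a target host and port, then send DNS queries to it inside TLS) can be sketched in stdlib Python. This is an added example, not Apple's code and not taken from RFC 6281: the SRV RRset is constructed sample data rather than a live lookup, the target is chosen with the usual RFC 2782 priority/weight rule, the query is framed with the 2-byte length prefix DNS already uses on stream transports, and the TLS certificate is assumed to be validated against the SRV target name (that last point is the part a defender cares about, since an unauthenticated SRV target would let anyone who can influence the answer read the queries).

```python
"""DNS-over-TLS target discovery via SRV, sketching the Back to My Mac flow.

Added example (not Apple's or RFC 6281 code). Assumptions:
  * SAMPLE_SRV_RRSET is constructed data standing in for the SRV lookup;
  * the DoT server accepts DNS-over-TCP framing (2-byte length prefix)
    inside the TLS stream;
  * the certificate presented by the SRV target must validate for that
    target's hostname (ssl.create_default_context does this).
"""
import random
import socket
import ssl
import struct

SRV_NAME = "_dns-query-tls._tcp.example.com"

# Constructed SRV RRset for the zone: (priority, weight, port, target)
SAMPLE_SRV_RRSET = [
    (10, 60, 853, "dns-a.example.com."),
    (10, 40, 853, "dns-b.example.com."),
    (20, 0, 853, "dns-backup.example.com."),
]


def select_srv_target(rrset, rng=random):
    """Choose (host, port): lowest priority wins, ties split by weight (RFC 2782)."""
    if not rrset:
        raise ValueError("empty SRV RRset")
    lowest = min(r[0] for r in rrset)
    candidates = [r for r in rrset if r[0] == lowest]
    total = sum(r[1] for r in candidates)
    if total == 0:                      # all weights zero: plain random pick
        chosen = rng.choice(candidates)
    else:                               # weighted pick proportional to weight
        pick = rng.randint(0, total - 1)
        running = 0
        for r in candidates:
            running += r[1]
            if pick < running:
                chosen = r
                break
    return chosen[3].rstrip("."), chosen[2]


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qtype, txid):
    """Minimal DNS query: header (RD set, one question) + question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN


def frame_for_stream(msg):
    """Prefix the message with its 16-bit length, as DNS does over TCP/TLS."""
    return struct.pack("!H", len(msg)) + msg


def response_matches(query, response):
    """Sanity check before trusting a reply: same transaction ID and QR bit set."""
    if len(response) < 12 or len(query) < 12:
        return False
    return response[:2] == query[:2] and (response[2] & 0x80) != 0


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_over_tls(host, port, query, timeout=5.0):
    """Send one framed query to the SRV target over TLS and return the raw reply.

    Not exercised offline; the context verifies the chain and the hostname.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame_for_stream(query))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = _recv_exact(tls, length)
    if not response_matches(query, reply):
        raise ValueError("reply does not match query")
    return reply


if __name__ == "__main__":
    host, port = select_srv_target(SAMPLE_SRV_RRSET)
    q = build_query("www.example.com", 1, 0x1234)   # type A
    print("would send", len(q), "bytes to", host, port, "over TLS")
```

The query for a name under `example.com` goes straight to the chosen SRV target rather than through the local resolver, which is the "bypassing the local DNS cache" behaviour in the note above; `response_matches` is the minimum check worth doing on the reply even though the channel itself is encrypted.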
