On Thu, Jul 19, 2018 at 02:23:53PM -0400, Brian Haberman wrote:
> This thread is for discussion of the user perspective of DNS privacy
> between the recursive resolver and authoritative servers.
> 
>     - Focus on *what* is needed.
>     - Avoid *how* to achieve it.
>     - Consider both ends of the DNS exchange.
>     - Scenarios will frame the discussion.
> 

I live in a part of the world where RTT to other parts of the world
widely varies. Average RTT to "the west" or "the east" is quite high.

These days many zones are concentrated on anycast "local" nameservers,
but a lot of nameservers are not local too. Many users don't use "cloud"
resolvers either - they use resolvers on their LAN.

DNS is at the head of any user-initiated internet connection and the
turnaround time of a DNS request is definitely influenced by the
resolution time at the head of the sequence of steps. Recursive
resolution involves several RTTs already and any extra client->server
roundtrips will be a multiplier overall.

I want recursive resolution to work efficiently, for everyone, for every
type of scenario. This is what is needed.

During the "how-to-achieve-it" phase, attention should be given to not
adding extra roundtrips (to keep it as close as possible to the RFC 1035
UDP scenario). Various new facilities such as TCP's fast open, TLS false
start, etc. should not be taken for granted - consideration should be
given to the average and worst case scenarios, esp. queries in unseen
zones to non-anycast-"cloud" nameservers that aren't "known".

As an example, consider yourself as a person who has the resolver on the
LAN and is a reddit.com or news.ycombinator.com visitor. You visit these
websites and open links to various random websites. You don't want to be
stuck at "Looking up example.com.." for seconds longer for each new
query (which miss cache as they are new usually unvisited websites)
compared to the RFC 1035 UDP case. The internet would suck then.

                Mukund

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
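An added illustration of the round-trip multiplier argued in the message above (not part of Mukund's post or any IETF document): a constructed latency model of one cold-cache recursive resolution, where each delegation hop pays the transport's per-query round-trip count times that hop's RTT. The transport names, the per-transport round-trip counts and the hop RTTs are assumptions chosen to mirror the "LAN resolver far from the authoritative" scenario, not measurements.

```python
# Constructed latency model (not measured data): a resolver walks
# root -> TLD -> authoritative serially, and every hop costs the transport's
# round-trip count for one query multiplied by that hop's RTT.

# Round trips from the resolver's first packet until the answer arrives, for
# a nameserver it has never talked to (no TCP Fast Open cookie, no TLS ticket).
RTTS_COLD = {
    "udp":    1,  # RFC 1035: query, response
    "tcp":    2,  # SYN/SYN-ACK, then query/response
    "tls1.2": 4,  # TCP handshake, two TLS round trips, then query/response
    "tls1.3": 3,  # TCP handshake, one TLS round trip, then query/response
}
# Same transports once the server is "known": TFO cookie and TLS session
# ticket held, so the query can ride in the first flight (best case).
RTTS_WARM = {"udp": 1, "tcp": 1, "tls1.2": 2, "tls1.3": 1}

# Hypothetical delegation chain as seen from a LAN resolver in a far region:
# (label, RTT in ms, server already known?). Root and TLD are nearby anycast
# instances; the zone's own nameservers sit on another continent, unseen.
COLD_CHAIN = [("root", 20, True), ("com", 30, True), ("example.com", 250, False)]

def hop_cost_ms(rtt_ms, transport, known):
    """Time to get one answer from a single nameserver over the given transport."""
    table = RTTS_WARM if known else RTTS_COLD
    return table[transport] * rtt_ms

def resolution_time_ms(chain, transport):
    """Wall-clock time for the whole cold-cache resolution; hops are sequential."""
    return sum(hop_cost_ms(rtt, transport, known) for _, rtt, known in chain)

def slowdown_vs_udp(chain, transport):
    """How many times slower the resolution is than the RFC 1035 UDP case."""
    return resolution_time_ms(chain, transport) / resolution_time_ms(chain, "udp")

if __name__ == "__main__":
    for t in RTTS_COLD:
        print(f"{t:7s} {resolution_time_ms(COLD_CHAIN, t):5d} ms "
              f"({slowdown_vs_udp(COLD_CHAIN, t):.2f}x UDP)")
```

In this model the single unseen, far-away authoritative hop dominates: under TLS 1.2 with a full handshake the resolution takes 1100 ms against 300 ms for UDP, even though the nearby root and TLD hops were treated as already warm.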
