Hi,
On Tue, Feb 16, 2016 at 4:53 AM, Lev Stipakov wrote:
> Hi James,
>
> > Has anyone seen issues with --block-outside-dns speed? Because this
> > approach drops certain DNS packets, I'm wondering if apps will
> > experience lag time while waiting for dropped DNS requests to time out.
>
> Yes, I have experienced issues with that patch.
>
> On the only machine where I was able to reproduce the DNS leak, this patch causes
> _all_ DNS requests to take 10 seconds to execute. According to
> Wireshark, Windows sends DNS requests to all adapters, gets a fast response
> from the "right one", but nevertheless waits for about 10 seconds before
> giving up.
>
On the contrary, on the only Win10 machine I had tested this on, there was no
apparent delay in resolution. Unlike Lev, I see DNS requests to all
interfaces in Wireshark only when --block-outside-dns is _not_ used. When
blocked, the only DNS traffic seen in Wireshark was through the TAP
interface. That looked right, as the packets are dropped before they reach
the Wireshark hooks, I suppose.
Anyway, the DNS client service may still expect replies to those lost
packets, but no apparent name resolution delay in applications was seen.
However, I did not test programs that directly connect to the DNS servers
(e.g., nslookup) instead of using the DNS client service.
Selva
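A small probe for reproducing the measurement both posters describe, added here as an example and not code from the thread or from OpenVPN: it sends one DNS A query from a chosen local source address to a given resolver and reports the round-trip time, or a timeout when the reply never arrives (the silently dropped case that the ~10 s stall is attributed to). The resolver and source-address pairs at the bottom are constructed placeholders; on a real host substitute each interface's address and the resolver configured on it, and run once with --block-outside-dns active and once without.

```python
"""Per-resolver DNS latency probe (added example, not from the OpenVPN thread).

Sends one A query for NAME from a chosen local source address to each
resolver and reports how long the reply took, or that it timed out.
The resolver/source pairs in __main__ are constructed placeholders.
"""
import random
import socket
import struct
import time


def build_query(name, txid=None):
    """Build a minimal DNS A query (RD set) for `name`; returns (txid, bytes)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # id, flags (RD), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return txid, header + question


def parse_response(data, expected_txid):
    """Return (rcode, answer_count) for a matching DNS reply, else None."""
    if len(data) < 12:
        return None
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    # Must carry our transaction id and have the QR (response) bit set.
    if txid != expected_txid or not flags & 0x8000:
        return None
    return flags & 0x000F, an


def probe(resolver, source_ip, name="example.com", timeout=2.0):
    """Send one query from `source_ip` to `resolver`.

    Returns ("ok", rtt_seconds) or ("timeout", timeout). Binding to the
    interface's own address is an assumption of this example; it steers the
    query towards that interface on typical multi-homed Windows hosts but does
    not override the routing table.
    """
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((source_ip, 0))
        start = time.monotonic()
        s.sendto(query, (resolver, 53))
        while True:
            remaining = timeout - (time.monotonic() - start)
            if remaining <= 0:
                return "timeout", timeout
            s.settimeout(remaining)
            try:
                data, _ = s.recvfrom(512)
            except socket.timeout:
                return "timeout", timeout
            # Ignore stray datagrams that are not a reply to our query.
            if parse_response(data, txid) is not None:
                return "ok", time.monotonic() - start


if __name__ == "__main__":
    # Constructed placeholders: (resolver, local source address) per interface.
    PAIRS = [
        ("10.8.0.1", "10.8.0.2"),          # resolver pushed over the tunnel (TAP)
        ("192.168.1.1", "192.168.1.50"),   # LAN resolver on the physical adapter
    ]
    for resolver, source in PAIRS:
        status, seconds = probe(resolver, source)
        print(f"{source:>15} -> {resolver:<15} {status:8} {seconds:.3f}s")
```

Using a raw UDP query rather than the OS resolver isolates each resolver from the DNS client service's own multi-interface behaviour, which is the distinction Selva draws between ordinary applications and tools like nslookup that talk to the servers directly.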