It seems like SACK would make the problem less bad in theory, but wouldn’t eliminate the problem. With DNS-over-DTLS, if a packet is lost, the next packet still gets an immediate answer, because DTLS is a datagram protocol, not a stream protocol. The retry strategy for DNS-over-DTLS would be the same as DNS-over-UDP, once the Diffie-Hellman shared key has been derived. So assuming you are using this to communicate to a resolver, there would be an initial handshake that’s extra compared to DNS-over-UDP, and then it would just be DNS-over-UDP until such time as re-keying is needed.
> On Mar 25, 2019, at 5:13 PM, Tony Finch <d...@dotat.at> wrote: > > Ted Lemon <mel...@fugue.com> wrote: >> On Mar 25, 2019, at 4:04 PM, Tony Finch <d...@dotat.at> wrote: >>> If I understand it correctly, DTLS leaves MTU and fragmentation up to the >>> application protocol. The DNS has horrible packet size problems, so it >>> needs a lot more help than DTLS provides. QUIC is much better. >> >> Indeed. My point was simply that this avoids ordering problems, just as >> QUIC does. I suspect that it is worth having DNS-over-DTLS; QUIC is >> great, but based on what I’ve been seeing, quite a lot, and probably not >> appropriate for a lot of use cases where DNS-over-DTLS would do just >> fine. > > It isn't so much ordering that is the problem, but not delaying answer B > when answer A suffers packet loss. I'm kind of curious about what the > relative trade-offs might be between DoQ and DoT with a decent SACK > implementation, when there is not much latency between the client and the > resolver. DNS-over-DTLS will need its own application layer retry > strategy. I kind of prefer the idea of DNS being able to re-use a good > off-the-shelf transport protocol rather than doing its own thing. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Irish Sea: West or northwest 4 or 5. Smooth or slight. Showers. Good. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
