Google Groups

FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

Patrick McManus Mar 17, 2018 3:51 AM
Posted in group:
Hi All, FYI:

Soon we'll be launching a nightly based pref-flip shield study to confirm
the feasibility of doing DNS over HTTPs (DoH). If all goes well the study
will launch Monday (and if not, probably the following Monday). It will run
<= 1 week. If you're running nightly and you want to see if you're in the
study check about:studies

Access to global DNS data is commonly manipulated and can easily be blocked
and/or collected. DNS services are also sometimes poorly provisioned
creating performance problems. We posit that integrity and confidentiality
protected access to well provisioned larger caches will help our users. In
a nutshell, that's what DoH does.

This work relies on a IETF specification that I hope will go into Last Call
this coming week:

This initial test is focused on performance feasibility assessment and we
won't actually be using the DNS data returned from the DoH server (i.e. the
traditional DNS service is used in parallel and only those answers are used
- the code calls this shadow mode.) This is obviously not the optimal
arrangement of things - the anticipated end state will involve running in
"first mode" where DoH is normally used and soft fails (either based on DNS
or TCP errors) to traditional DNS. There are also modes where DoH is used
and hard fails (known as "only mode" - it requires some bootstrap info),
and a mode where DoH and traditional race against each other using
whichever is faster. Their are acomodations in place to deal with
split-horizon DNS issues.

DoH is an open standard and for this test we'll be using the DoH server
implementation at Cloudflare. As is typical for Mozilla, when we
default-interact with a third party service we have a legal agreement in
place to look out for the data retention/use/redistribution/etc interests
of both our users and Mozilla itself.

The study launch bug is

Daniel Stenberg has written much of the code for this - he, I, and Valentin
Gosu are the team that will chase down any issues. Feel free to reach out
to us (or #necko on slack). There is currently one open issue related to
captive portals and "only mode" but that should not be triggered by the
study as "only mode" is not used.