On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation and Dataset. Sengupta, Jayasree; Kosek, Mike; Fries, Justus; Ferlin-Reiter, Simone; Bajpai, Vaibhav in IEEE Transactions on Network and Service Management (2024). 1–1.
Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has now opened up an exciting opportunity to utilise the same protocol to not only encrypt Web communications, but also DNS. In this paper, we evaluate this benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ), and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario using several possible combinations where H3 is used in conjunction with DoH and DoQ, as well as the unencrypted DNS over UDP (DoUDP). We observe that when using H3 1-RTT, page load times with DoH can get inflated by >30% over fixed-line and by >50% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when encrypted connections are coalesced (DoQ + H3 0-RTT), thereby reducing the page load times by 1/3 over fixed-line and 1/2 over mobile, overall making connection coalescing with QUIC the best option for encrypted communication on the Internet.
Evaluating DNS Resiliency and Responsiveness With Truncation, Fragmentation & DoTCP Fallback. Dikshit, Pratyush; Kosek, Mike; Faulhaber, Nils; Sengupta, Jayasree; Bajpai, Vaibhav in IEEE Transactions on Network and Service Management (2024). 1–1.
Since its introduction in 1987, the DNS has become one of the core components of the Internet. While it was designed to work with both TCP and UDP, DNS-over-UDP (DoUDP) has become the default option due to its low overhead. As new Resource Records were introduced, the sizes of DNS responses increased considerably. This expansion of the message body has led to truncation and IP fragmentation more often in recent years, where large UDP responses make DNS an easy vector for amplifying denial-of-service attacks, which can reduce the resiliency of DNS services. This paper investigates the resiliency, responsiveness, and usage of DoTCP and DoUDP over IPv4 and IPv6 for 10 widely used public DNS resolvers. The paper specifically measures the resiliency of the DNS infrastructure in the age of increasing DNS response sizes that lead to truncation and fragmentation. Our results offer key insights into the management of robust and reliable DNS network services. While DNS Flag Day 2020 recommends 1232 bytes of buffer sizes, we find out that 3/10 resolvers mainly announce very large EDNS(0) buffer sizes both from the edge as well as from the core, which potentially causes fragmentation. In reaction to large response sizes from authoritative name servers, we find that resolvers do not fall back to the usage of DoTCP in many cases, bearing the risk of fragmented responses. As the message sizes in the DNS are expected to grow further, this problem will become more urgent in the future. This paper demonstrates the key results (particularly as a consequence of the DNS Flag Day 2020) which may support network service providers in making informed choices to better manage their critical DNS services.
Through the Lens of Google CrUX: Dissecting Web Browsing Experience Across Devices and Countries. Sengupta, Jayasree; Shreedhar, Tanya; Kramer, Robert; Bajpai, Vaibhav in 2024 IFIP Networking Conference (IFIP Networking) (2024). 509–514.
User quality of experience in the context of Web browsing is being researched widely, with plenty of developments occurring alongside technological advances, not seldom driven by big industry players. With Google's huge reach and infrastructure, the Chrome User Experience Report (CrUX) provides quantitative real-life measurement data of a vast magnitude. Analysis of this steadily expanding dataset aggregating different user experience metrics yields tangible insights into actual trends and developments. Hence, this paper is the first to study the CrUX dataset from the viewpoint of relevant metrics by quantitative evaluation of users' Web browsing experience across three device types and nine European countries. Analysis of data segmented by connection type in the device dimension shows desktops outperforming other device types for all metrics. Similar analysis in the country dimension shows North European countries (Sweden, Finland) having maximum 4G connections (85.99%, 81.41% respectively) and steadily performing 25%-36% better at the 75th percentile across all metrics compared to the worst performing country. Such a high-level longitudinal analysis of real-life Web browsing experience provides an extensive base for future research.