DNS-over-QUIC issues behind NAT #260
Comments
If you mean the other app that implemented the DoQ support, I think I might know why the issue doesn't affect it. After some observation I found it re-initializes the QUIC session just after 30 seconds of idle.
This is against the QUIC design principle. Frequently handshakes will slow down the DNS lookup delay, even slower than DNS-over-HTTPS, so what's the point of using the DoQ? Of course, most users won't notice a tiny bit of additional delay during handshakes. So it is a reasonable workaround but it makes DoQ useless. |
|
Please do realize that attempting to
|
|
In case some of our users might be misled by one of these replies, our app doesn't have a so-called "30 second idle" implementation. The reply did not specifically refer to our app, so we did not quote it. By the way, when a connection is broken or closed by remote or any issue occurs, a new connection should be initiated. Which we tend to call it normal logic process, others may see it as a workaround. Either way this should be done. |
|
At last, it's normal and expected that each author has his or her considerations and implementations. It is very rude to lecture the other or to ask some one to lecture the other. And we don't like so-called fan thing, ours or others, the fan thing ruins everything. |
给QX添加个小组件啊 |
|
It seems because quic-go does not implement connection migration quic-go/quic-go#234 Ref:
|
|
Well, to my knowledge there're no QUIC implementations that support connection migration yet.
Another solution would be to enable KeepAlive on QUIC connection. This way it will send a "ping" packet every 20 seconds and keep the connection alive: |
Oh, that's sad. Thanks for the clarification. It seems that the passive connection migration (PCM) is essential to QUIC under a cellular network. BTW, QUIC implementations in other languages do support connection migration, such as ngtcp2, quiche-google, and quiche-cloudflare. Since the quic-go has no plan to support the connection migration yet, you may consider using another implementation. But it may be troublesome since they don't have a golang interface. |
|
Oh, quiche have finally added it? This is good news |
Andrey, Will there be any issue between Google quiche & Cloudflare quiche, as their Programming Languages are different ? Google Quiche - C++ |
|
Yep, we'll have to wait until it's added to quic-go (or maybe until Golang gets native QUIC implementation). |
Still a problem with compilation, however, I used GO 1.19 |
Hi. I'm the author of the Surge app, which might be one of the most popular custom DNS clients on iOS and macOS.
I have implemented the DoQ support in the latest version. But I found a severe issue. While using DoQ behind a NAT, an IPv4 cellular network usually, the client's UDP source port may change due to a very short UDP NAT timeout. After the port changes, the dnsproxy server still sends packets to the old port number.
Here is a packet capture sample (QUIC decrypted, dnsproxy version: v0.43.1).
The client sent the query with source port 8958
But the server sent the answer to port 8947, which was used previously.
BTW. I'm a newbie for QUIC. Please let me know if I missed something. Thanks.
The text was updated successfully, but these errors were encountered: