feat(client/cordova/apple): [1980] randomize list of dns severs #2008
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
daniellacosse
changed the title
daniellacosse
changed the title
| @@ -70,6 +70,8 @@ public class OutlineTunnel: NSObject, Codable { | |||
| @objc public static func getTunnelNetworkSettings(tunnelRemoteAddress: String) -> NEPacketTunnelNetworkSettings { | |||
| // The remote address is not used for routing, but for display in Settings > VPN > Outline. | |||
| let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress) | |||
| var dnsList = ["1.1.1.1", "9.9.9.9", "208.67.222.222", "208.67.220.220"] | |||
| dnsList.shuffle() | |||
There was a problem hiding this comment.
It's not clear to me this will fix the issue. You will still get 1.1.1.1 for all queries in 1/4 of the sessions.
How does the server selection work on iOS/macOS? Will the system not automatically fallback to the next DNS address? Why does the api take multiple addresses?
There was a problem hiding this comment.
My goal is not to completely remove queries to 1.1.1.1, but to reduce queries to this DNS provider. It's not a complete fix, and I'm not sure that a full fix is possible, as I still have no answer from Cloudflare. However, it will help reduce the chance of receiving REFUSED responses from Cloudflare. I'm pretty sure that Cloudflare has limitations, which is reasonable, especially for DOT/DOH, but they have said nothing.
How does the server selection work on iOS/macOS? Will the system not automatically fallback to the next DNS address? Why does the api take multiple addresses?
This is a good question. I tried to ask Apple support about this in this thread: https://discussions.apple.com/thread/255581809?sortBy=best, but I still have no answer to my questions.
Probably, MacOS/iOS doesn't switch to another DNS because we didn't get a DNS timeout error, but a REFUSED response instead. I didn't find any RFC that describes client behavior in such a case.
I did some tests and can confirm that MacOS/iOS caches REFUSED queries for some time. You can see logs of MacOS mDNSResponder in my thread with Apple which confirm this. So, that's the big problem for mobile users and mobile apps.
serge-r
force-pushed
the
dns-randomize
branch
4 times, most recently
from
7012b41
to
ef05a87
Compare
|
fixed tests |
Just add a simple shuffle for list of dns servers
According to issue #1980