These are chat archives for CZ-NIC/knot-resolver

2nd
Apr 2018
Daniel Aleksandersen
@da2x
Apr 02 2018 19:48
Is there a better way to randomize DNS service provider selection?
https://gist.github.com/da2x/36d440758e996b18c152891c83d4c731
TLS_FORWARD only allows four table entries and always chooses the fastest. I’d like to spread requests out among a few randomly selected resolvers to improve privacy by not sending absolutely all my data to one upstream provider.
Vladimír Čunát
@vcunat
Apr 02 2018 21:30
The code you wrote will randomize just once during the start. There's no easy way for this, I believe. It's possible to write one's own policy that does this. If you look at set_nslist https://gitlab.labs.nic.cz/knot/knot-resolver/blob/master/modules/policy/policy.lua#L83 - that's where the module sets the list - so one can modify it to only set one address that is chosen randomly every time (on every request).
@da2x ^^
Daniel Aleksandersen
@da2x
Apr 02 2018 21:54
@vcunat would it help to move either the filter or action to custom functions here?
Should this server selection behavior not be configurable? Three levels: prefer_fastest, more_private (choose faster servers more often), (entirely) random.
Vladimír Čunát
@vcunat
Apr 02 2018 22:44
That configurability doesn't seem too well motivated. ATM we allow up to four IPs in a single list. Seeing a quarter of requests doesn't seem a significant privacy improvement. With custom code at the Lua level it's easier to choose from an arbitrarily long list.
Graham Christensen
@grahamc
Apr 02 2018 22:47
Hi, running kresd 2.1.1 I'm not seeing any cache stats:
> cache.size
error: Function not implemented
> cache.stats()
[hit] => 0
[delete] => 0
[miss] => 0
[insert] => 0
> map 'cache.stats()'
[1] => {
    [hit] => 0
    [delete] => 0
    [miss] => 0
    [insert] => 0
}