Confusion over forwarders configuration #1175
Comments
Thanks for asking. The current forwarder option is deliberately designed to avoid mixing secure and insecure protocols accidentally, as discussed in #308 and #920. Without such a design, many users would misconfigure and believe that they are using secure protocols, only to later find that one of the forwarders is using UDP and they were insecure the whole time. You can still have such a config using Conditional Forwarder zone for root. The config for forwarders does not use URI format since these are not really URIs that point to a resource, and DNS config traditionally uses just the IP address string, which is why the current format was designed.
The Concurrent Forwarding feature will send requests to multiple forwarders depending on the forwarder concurrency configured, which is set to 2 by default. So, it will pick the 2 fastest forwarders based on the machine learning algorithm and query them concurrently. The fastest result is used and the other concurrent requests are cancelled and their response, if any, is ignored. The only condition when the fastest response is not used is when the response code is ServerFailure (or similar cases), or when it fails DNSSEC validation. In such a case, it waits for the response from the other forwarders or tries the remaining ones.
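The behaviour described in the comment above, as an added simulation that is not code from this project or its maintainers. The `Forwarder` stand-ins, their latencies and the helper names are constructed for illustration, and ranking by a fixed latency is an assumption standing in for the server's own forwarder selection, which the thread does not detail.

```python
import asyncio
from dataclasses import dataclass

@dataclass
class Forwarder:
    """Constructed stand-in for an upstream resolver (not a real API)."""
    name: str
    latency: float            # simulated round-trip time in seconds
    rcode: str = "NoError"    # response code the upstream will return
    dnssec_ok: bool = True    # whether the answer passes DNSSEC validation

async def query(fwd: Forwarder) -> Forwarder:
    await asyncio.sleep(fwd.latency)  # simulated network round trip
    return fwd

def acceptable(answer: Forwarder) -> bool:
    # The fastest response is skipped when it is ServerFailure
    # or when it fails DNSSEC validation.
    return answer.rcode != "ServerFailure" and answer.dnssec_ok

async def resolve(forwarders, concurrency=2):
    # Assumption: rank by known latency instead of the server's own selection.
    ranked = sorted(forwarders, key=lambda f: f.latency)
    for start in range(0, len(ranked), concurrency):
        batch = ranked[start:start + concurrency]
        tasks = [asyncio.create_task(query(f)) for f in batch]
        try:
            # Responses arrive fastest first; the first acceptable one wins.
            for finished in asyncio.as_completed(tasks):
                answer = await finished
                if acceptable(answer):
                    return answer.name
        finally:
            # Cancel whatever is still in flight; late responses are ignored.
            for task in tasks:
                task.cancel()
    return None  # every forwarder failed or returned an unusable answer

def run(forwarders, concurrency=2):
    return asyncio.run(resolve(forwarders, concurrency))
```

A fast forwarder that returns ServerFailure or a bogus DNSSEC answer never wins the race; the slower acceptable response is used instead, so differing results do not turn into "first packet wins".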
Due to multiple upstream routes, I have multiple forwarders available, each having compromises in speed, transport and features.
The configuration page for forwarders seems to enforce that all forwarders, regardless of underlying transport, must share the same protocol.
I understand that TNDS sends out parallel requests to all forwarders, and so by design will always prefer and cache the one that returns a positive result in the fastest time. As a side thought: what happens if results differ in success or resolution? Does that create a race condition? Or is there some sort of weighting applied?
My confusion:
How to handle the case that the forwarders at our disposal don't share the same protocols, e.g. the fastest is UDP/53 only but does not do IPv6. Slower ones can do DoH but are via an IPv6 tunnel.
This is sort of related to #1172, where it is stated there is a lack of HTTP UX features to create a better UX, but it does not consider that there is already a free-form text box that could express any service with well-understood syntax with subsequent sanitisation.
I.e. could the UI be simplified to embed the entire service URI following defined standards into the configuration line, or is that just not possible for other reasons?
e.g.
udpdns://server1:53 https://server2:443/service tcpdns://server3:53 tls://server4:service quic://server5/service
(BTW: I included the // despite it being completely redundant as per TimBL's statements on the matter)