Thing is, DNS was already multiplexed. HTTP/2 brings multiplexing to HTTP, which is really cool. But DNS-over-TLS was enough. I don’t see a world where everything is DoH capable, instead a sharded one where DoH starts pulling DNS in a direction that many devices can’t follow.
https://twitter.com/grittygrease/status/1053712000759455744
Browsers that support DoH want to multiplex DNS and HTTP over one TCP connection.
-
Yes, I get that, and it’s possibly the best reason. But how many sites will you trust for DNS resolution? Won’t you still end up with DNS connections going to http://dns.cloudflare.com , and then a subsequent new connection to the site you connect to?
-
Even with HTTP/2, don’t you need to establish a new TLS connection per site?
-
Both @mcmanusducksong and @grittygrease could explain the exact mechanisms easier than me, but I would expect that if you visit 10 sites hosted by Cloudflare you'd have ~100x different domain names and potentially only 1 TCP connection to Cloudflare for all of them.
-
But not just TCP, right? Also TLS? HTTP/2 multiplexing happens over TLS, right? I mean I get that they could use a connection to some site hosted with Cloudflare to also serve DNS, but when traversing other sites you still need a new TCP connection for each TLS conn, right?
-
Not if they're all terminated at Cloudflare. HTTP/2 connection coalescing and Alt-Svc and ORIGIN frame mean you can multiplex many different websites' connections over one HTTPS (HTTP over TLS over TCP) connection. I'm not sure which browsers & which CDNs support which features.
-
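The coalescing rule the reply above relies on, as an added Python example that is not from anyone in the thread: an HTTP/2 client may reuse an existing connection for another origin only when the server certificate covers the new hostname and, absent an ORIGIN frame (RFC 8336), the new hostname resolves to the address the connection already goes to (RFC 7540 §9.1.1). Hostnames, addresses and SAN lists here are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Constructed DNS answers (RFC 5737 documentation addresses), standing in for a resolver.
DNS: Dict[str, List[str]] = {
    "cdn-a.example": ["203.0.113.10"],
    "www.example": ["203.0.113.10", "203.0.113.11"],
    "img.cdn.example": ["203.0.113.10"],
    "shop.example": ["203.0.113.10"],
    "other.example": ["198.51.100.7"],
}

def san_matches(san: str, host: str) -> bool:
    """RFC 6125-style dNSName match: '*' may only replace the whole leftmost label."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                      # "*.cdn.example" -> ".cdn.example"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]       # label the wildcard would stand for
    return bool(leftmost) and "." not in leftmost

@dataclass(frozen=True)
class H2Connection:
    host: str                             # origin the connection was opened for
    ip: str                               # address the TCP connection went to
    sans: FrozenSet[str]                  # dNSName SANs in the server certificate
    origin_set: FrozenSet[str] = frozenset()  # hosts advertised in an ORIGIN frame, if any

def can_coalesce(conn: H2Connection, new_host: str, dns: Dict[str, List[str]] = DNS) -> bool:
    # 1. The certificate must be valid for the new origin; this check is never relaxed.
    if not any(san_matches(s, new_host) for s in conn.sans):
        return False
    # 2. Once the server has sent an ORIGIN frame, its origin set decides (no DNS check),
    #    and hosts outside the set must not be coalesced.
    if conn.origin_set:
        return new_host.lower() in {o.lower() for o in conn.origin_set}
    # 3. Otherwise the new host must resolve to the address we are already connected to.
    return conn.ip in dns.get(new_host, [])

def coalescable(conn: H2Connection, hosts: List[str]) -> List[str]:
    """Which of `hosts` could ride on `conn` instead of opening a new TCP+TLS connection."""
    return [h for h in hosts if can_coalesce(conn, h)]
```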
I need to go read that in more detail, thanks for correcting me.