Commit 1aede813 authored by Mike Yu

Support evaluating private DNS by latency

The evaluation is limited to opportunistic mode and is implemented
as a flag-off feature. It is introduced to avoid using high-latency
private DNS servers.

The latency of a server is considered high if it's higher than a
latency threshold which is calculated based on the average latency of
cleartext DNS server:

  latency threshold = std::clamp(3 * mean_do53_latency_ms,
      min_private_dns_latency_threshold_ms,
      max_private_dns_latency_threshold_ms)

, where min_private_dns_latency_threshold_ms is 500 ms by default and
max_private_dns_latency_threshold_ms is 2000 ms by default.

If there's no Do53 average latency for reference, the latency threshold
is min_private_dns_latency_threshold_ms.

The evaluation of a private DNS server works in two phases.

Phase 1: In this phase, Private DNS Validation is being performed,
and the server is not considered validated. The server latency is
evaluated by sending a probe. If the latency is lower than the
latency threshold, the server state is transitioned to Validation::success.
The evaluation goes to phase 2.

Phase 2: In this phase, the server is considered validated and
DnsResolver can send DNS queries to the server. The server latency
is evaluated by the query response time, and the same latency threshold
is used. If several (10 by default) query response times in a row
fail to meet the time threshold, the server state is
transitioned to Validation::in_process. The evaluation goes to phase 1.

Bug: 188153519
Test: run atest with all the flags off/on
        avoid_bad_private_dns: 0 / 1
        sort_nameservers: 0 / 1
        dot_xport_unusable_threshold: -1 / 20
        dot_query_timeout_ms: -1 / 10000
        min_private_dns_latency_threshold_ms: -1 / 500
        keep_listening_udp: 0 / 1
        parallel_lookup_sleep_time: 2 / 2
        dot_revalidation_threshold: -1 / 10
        max_private_dns_latency_threshold_ms: -1 / 2000
        dot_async_handshake: 0 / 1
        dot_maxtries: 3 / 1
        dot_connect_timeout_ms: 127000 / 10000
        parallel_lookup_release: UNSET / UNSET

Change-Id: Ib681b1ea1417eadac9c013f19549a9fa7c408696
parent 8d636aeb
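
The threshold formula and the two-phase evaluation described in the commit message, written out as an added C++ example; it is not the code from this commit. All type and function names are hypothetical, and two behaviours the message does not specify are assumptions: a latency equal to the threshold counts as slow, and a failed probe leaves the server in Validation::in_process.

```cpp
#include <algorithm>
#include <chrono>
#include <optional>

using std::chrono::milliseconds;

// Added example: names are hypothetical; defaults are the values quoted in the commit message.
struct LatencyPolicy {
    milliseconds minThreshold{500};   // min_private_dns_latency_threshold_ms
    milliseconds maxThreshold{2000};  // max_private_dns_latency_threshold_ms
    int slowStreakLimit = 10;         // slow responses in a row before revalidating
};

enum class Validation { in_process, success };

// threshold = clamp(3 * mean Do53 latency, min, max); min when no Do53 mean exists.
milliseconds latencyThreshold(const LatencyPolicy& p, std::optional<milliseconds> meanDo53) {
    if (!meanDo53) return p.minThreshold;
    return std::clamp(3 * *meanDo53, p.minThreshold, p.maxThreshold);
}

class ServerEvaluator {
  public:
    explicit ServerEvaluator(LatencyPolicy p) : mPolicy(p) {}
    // Phase 1: a probe faster than the threshold marks the server validated.
    // Assumption: a slow probe leaves the state unchanged (in_process).
    Validation onProbe(milliseconds latency, std::optional<milliseconds> meanDo53) {
        if (mState == Validation::in_process && latency < latencyThreshold(mPolicy, meanDo53)) {
            mState = Validation::success;
            mSlowInARow = 0;
        }
        return mState;
    }

    // Phase 2: count consecutive slow responses; a fast one resets the streak.
    Validation onQueryResponse(milliseconds latency, std::optional<milliseconds> meanDo53) {
        if (mState != Validation::success) return mState;
        if (latency < latencyThreshold(mPolicy, meanDo53)) {
            mSlowInARow = 0;
        } else if (++mSlowInARow >= mPolicy.slowStreakLimit) {
            mState = Validation::in_process;  // back to phase 1
            mSlowInARow = 0;
        }
        return mState;
    }
  private:
    LatencyPolicy mPolicy;
    Validation mState = Validation::in_process;
    int mSlowInARow = 0;
};
```
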