-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(client/cordova/apple): [1980] randomize list of dns severs #2008
base: master
Are you sure you want to change the base?
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
@@ -70,6 +70,8 @@ public class OutlineTunnel: NSObject, Codable { | |||
@objc public static func getTunnelNetworkSettings(tunnelRemoteAddress: String) -> NEPacketTunnelNetworkSettings { | |||
// The remote address is not used for routing, but for display in Settings > VPN > Outline. | |||
let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress) | |||
var dnsList = ["1.1.1.1", "9.9.9.9", "208.67.222.222", "208.67.220.220"] | |||
dnsList.shuffle() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not clear to me this will fix the issue. You will still get 1.1.1.1 for all queries in 1/4 of the sessions.
How does the server selection work on iOS/macOS? Will the system not automatically fallback to the next DNS address? Why does the api take multiple addresses?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My goal is not to completely remove queries to 1.1.1.1, but to reduce queries to this DNS provider. It's not a complete fix, and I'm not sure that a full fix is possible, as I still have no answer from Cloudflare. However, it will help reduce the chance of receiving REFUSED responses from Cloudflare. I'm pretty sure that Cloudflare has limitations, which is reasonable, especially for DOT/DOH, but they have said nothing.
How does the server selection work on iOS/macOS? Will the system not automatically fallback to the next DNS address? Why does the api take multiple addresses?
This is a good question. I tried to ask Apple support about this in this thread: https://discussions.apple.com/thread/255581809?sortBy=best, but I still have no answer to my questions.
Probably, MacOS/iOS doesn't switch to another DNS because we didn't get a DNS timeout error, but a REFUSED response instead. I didn't find any RFC that describes client behavior in such a case.
I did some tests and can confirm that MacOS/iOS caches REFUSED queries for some time. You can see logs of MacOS mDNSResponder in my thread with Apple which confirm this. So, that's the big problem for mobile users and mobile apps.
7012b41
to
ef05a87
Compare
fixed tests |
Just add a simple shuffle for list of dns servers
According to issue #1980