Networking/Archive/Necko/DNS/ResolverIntegration

From MozillaWiki
Jump to: navigation, search
ARCHIVED
This page has been archived and its contents may be out of date.

Summary

We're planning to integrate a DNS resolver into Gecko. Our primary motivation is performance, but we're also interested in a number of new security features such as DNSSEC.

For performance in particular we want better parallelism, access to TTL, better ordering of IPv4 and IPv6 queries.

Primary engineers:

  • Steve Workman (Mozilla)
  • Josh Aas (Mozilla)
  • Wouter Wijngaards (NLNet Labs)

The current plan is to use NLNet's libunbound along with Chromium's OS configuration detection code. We estimate (very roughly) that this will total 100-150k lines of code.

Chromium's code for reading OS configurations lives in their "src/net/dns" directory. We're primarily interested in the list of DNS servers we should be using.

The libunbound code is developed by NLNet Labs. The libunbound site is unbound.net.

Code Structure

  • netwerk/dns/* directories:
    • cache (code for caching results, likely using sqlite)
    • os-config (code from Chromium for OS configuration)
    • os-resolver (fallback code using operating system resolver)
    • resolver (libunbound)

Work Items

  1. [Josh] Bring in system integration code from Chromium.
  2. [Wouter] Add ability to configure libunbound to build only the library, not the daemon.
  3. [Wouter/Brian] Make libunbound work with NSS instead of OpenSSL. Do this by making a build-time option to compile with NSS. Brian Smith from Mozilla will help.
  4. [Josh] Configure libunbound to use minimal threads with 256 query max per thread.
  5. [Josh] Detect errors using libunbound and fall back to using the OS resolver.
  6. [Josh] Optimize caching values within libunbound, add subsystem to cache to disk.
  7. [?] Eliminate unnecessary code and dependencies, perhaps even the entirety of ldns.
  8. [?] Turn on DNSSEC.