We're planning to integrate a DNS resolver into Gecko. Our primary motivation is performance, but we're also interested in a number of new security features such as DNSSEC.
For performance in particular, we want better parallelism, access to TTL values, and better ordering of IPv4 and IPv6 queries.
- Steve Workman (Mozilla)
- Josh Aas (Mozilla)
- Wouter Wijngaards (NLnet Labs)
The current plan is to use NLnet Labs' libunbound along with Chromium's OS configuration detection code. We estimate (very roughly) that this will total 100-150k lines of code.
Chromium's code for reading OS configurations lives in their "src/net/dns" directory. We're primarily interested in the list of DNS servers we should be using.
- netwerk/dns/* directories:
  - cache (code for caching results, likely using sqlite)
  - os-config (code from Chromium for OS configuration)
  - os-resolver (fallback code using operating system resolver)
  - resolver (libunbound)
- [Josh] Bring in system integration code from Chromium.
- [Wouter] Add ability to configure libunbound to build only the library, not the daemon.
- [Wouter/Brian] Make libunbound work with NSS instead of OpenSSL. Do this by making a build-time option to compile with NSS. Brian Smith from Mozilla will help.
- [Josh] Configure libunbound to use minimal threads with 256 query max per thread.
- [Josh] Detect errors using libunbound and fall back to using the OS resolver.
- [Josh] Optimize caching values within libunbound, add subsystem to cache to disk.
- [?] Eliminate unnecessary code and dependencies, perhaps even the entirety of ldns.
- [?] Turn on DNSSEC.