63
edits
Security/DNS Over HTTPS: Difference between revisions
Jump to navigation
Jump to search
add todos
(improve reading flow) |
(add todos) |
||
| Line 3: | Line 3: | ||
== Rollout == | == Rollout == | ||
* The DoH frontend | * The DoH frontend and its sub-features are gated behind prefs that are set to true via Normandy Rollouts, which allows us to target specific regions and control population size and growth so we can manage risk. | ||
* The pref `doh-rollout.enabled`, serves as a blanket gate. Every mechanism described below depends on this pref being set to true. | |||
* Individual mechanisms may be additionally gated behind their own prefs. This is indicated where relevant. | * Individual mechanisms may be additionally gated behind their own prefs. This is indicated where relevant. | ||
* | * TODO: links to tickets, bugs, dashboards etc. | ||
== Heuristics == | == Heuristics == | ||
| Line 12: | Line 12: | ||
* We run various heuristics to determine whether the network is (un)suitable to enable DoH. | * We run various heuristics to determine whether the network is (un)suitable to enable DoH. | ||
* The heuristics are run at startup and upon network changes. | * The heuristics are run at startup and upon network changes. | ||
* DoH is enabled on the network if all heuristics pass. | * DoH is enabled on the network if all heuristics pass, and disabled otherwise. | ||
* TODO: more details, individual docs for each heuristic, flow diagram | |||
== Respecting User-choice == | == Respecting User-choice == | ||
| Line 31: | Line 32: | ||
* A network-provided endpoint, if detected, will take precedence over the default provider when on that network. (See Provider Steering below) | * A network-provided endpoint, if detected, will take precedence over the default provider when on that network. (See Provider Steering below) | ||
* This feature is controlled by the prefs `doh-rollout.trr-selection.enabled`. | * This feature is controlled by the prefs `doh-rollout.trr-selection.enabled`. | ||
* TODO: sub-page for documenting the mechanism, flow diagram, links to code/docs | |||
== Provider Steering == | == Provider Steering == | ||
| Line 41: | Line 43: | ||
* Currently, Comcast is the only supported provider. | * Currently, Comcast is the only supported provider. | ||
* This feature is controlled by the pref `doh-rollout.provider-steering.enabled`. | * This feature is controlled by the pref `doh-rollout.provider-steering.enabled`. | ||
* TODO: sub-page for documenting the mechanism, flow diagram, links to code/docs | |||
== Opt-out Doorhanger == | == Opt-out Doorhanger == | ||
| Line 48: | Line 51: | ||
* The doorhanger is shown only if the rollout is "successful" - i.e. the user did not already have custom DoH preferences or active enterprise policy. | * The doorhanger is shown only if the rollout is "successful" - i.e. the user did not already have custom DoH preferences or active enterprise policy. | ||
* The doorhanger is implemented as a CFR message, gated behind the relevant prefs. | * The doorhanger is implemented as a CFR message, gated behind the relevant prefs. | ||
* TODO: links to CFR code/docs, screenshot | |||
== Telemetry == | == Telemetry == | ||
| Line 54: | Line 58: | ||
* A ''state'' event is sent when the DoHController's state changes, e.g. when DoH is enabled or disabled on the network, when a user-choice results in disabling heuristics, when a rollback is detected, etc. | * A ''state'' event is sent when the DoHController's state changes, e.g. when DoH is enabled or disabled on the network, when a user-choice results in disabling heuristics, when a rollback is detected, etc. | ||
* A ''heuristics'' event is sent whenever we run heuristics, containing the result of each heuristic as its payload, along with the trigger (e.g. startup, network change) and the provider steering status. | * A ''heuristics'' event is sent whenever we run heuristics, containing the result of each heuristic as its payload, along with the trigger (e.g. startup, network change) and the provider steering status. | ||
* TODO: links to Events.yaml, data review bugs, etc. | |||
== Migrations == | == Migrations == | ||
| Line 60: | Line 65: | ||
* Two of the migrations work on the format of stored state (local storage and prefs) | * Two of the migrations work on the format of stored state (local storage and prefs) | ||
* During a dry-run-only test of Default Provider Selection, an underlying bug was triggered that caused clients to effectively DDoS NextDNS's endpoint. In the aftermath, a new endpoint was set up and we have a migration to convert occurrences of the old endpoint in stored URI values to the new one. | * During a dry-run-only test of Default Provider Selection, an underlying bug was triggered that caused clients to effectively DDoS NextDNS's endpoint. In the aftermath, a new endpoint was set up and we have a migration to convert occurrences of the old endpoint in stored URI values to the new one. | ||
* TODO: sub-page with details on each migration, versioning, links to code. | |||