commit | 1aede8135e8a227e127f826f38073eba7447c382 | |
---|---|---|
author | Mike Yu <yumike@google.com> | Tue May 11 14:49:30 2021 +0800 |
committer | Mike Yu <yumike@google.com> | Sat Jun 05 23:30:45 2021 +0800 |
tree | 7359b314bb0e92d2e78b49598ffe96afd38b98a7 | |
parent | 8d636aebd52fca96b732a44792a1918cd9ac0143 | |

Support evaluating private DNS by latency

The evaluation is limited to opportunistic mode and is implemented as a flag-off feature. It is introduced to avoid using high latency private DNS servers. The latency of a server is considered high if it's higher than a latency threshold which is calculated based on the average latency of cleartext DNS server:

    latency threshold = std::clamp(3 * mean_do53_latency_ms,
                                   min_private_dns_latency_threshold_ms,
                                   max_private_dns_latency_threshold_ms)

where min_private_dns_latency_threshold_ms is 500 ms by default and max_private_dns_latency_threshold_ms is 2000 ms by default. If there's no Do53 average latency for reference, the latency threshold is min_private_dns_latency_threshold_ms.

The evaluation of a private DNS server works in two phases.

Phase 1: In this phase, Private DNS Validation is being performed, and the server is not considered validated. The server latency is evaluated by sending a probe. If the latency is lower than the latency threshold, the server state is transitioned to Validation::success. The evaluation goes to phase 2.

Phase 2: In this phase, the server is considered validated and DnsResolver can send DNS queries to the server. The server latency is evaluated by the query response time, and the same latency threshold is used. If several (10 by default) query response times fail to meet the time threshold in a row, the server state is transitioned to Validation::in_process. The evaluation goes to phase 1.

Bug: 188153519
Test: run atest with all the flags off/on
    avoid_bad_private_dns: 0 / 1
    sort_nameservers: 0 / 1
    dot_xport_unusable_threshold: -1 / 20
    dot_query_timeout_ms: -1 / 10000
    min_private_dns_latency_threshold_ms: -1 / 500
    keep_listening_udp: 0 / 1
    parallel_lookup_sleep_time: 2 / 2
    dot_revalidation_threshold: -1 / 10
    max_private_dns_latency_threshold_ms: -1 / 2000
    dot_async_handshake: 0 / 1
    dot_maxtries: 3 / 1
    dot_connect_timeout_ms: 127000 / 10000
    parallel_lookup_release: UNSET / UNSET
Change-Id: Ib681b1ea1417eadac9c013f19549a9fa7c408696
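
The threshold calculation and the two-phase evaluation described in the commit message above, modeled as an added example; this is not code from the commit or from DnsResolver. The class name, method names and constant names are hypothetical, and treating a latency equal to the threshold as acceptable is an assumption.

```cpp
// Added example: hypothetical model, not the DnsResolver implementation.
#include <algorithm>
#include <cstdio>
#include <optional>

// Defaults quoted in the commit message.
constexpr int kMinThresholdMs = 500;
constexpr int kMaxThresholdMs = 2000;
constexpr int kSlowInARowLimit = 10;

enum class Validation { in_process, success };

// clamp(3 * mean Do53 latency, min, max); falls back to min without Do53 data.
int latencyThresholdMs(std::optional<int> meanDo53Ms) {
    if (!meanDo53Ms) return kMinThresholdMs;
    return std::clamp(3 * *meanDo53Ms, kMinThresholdMs, kMaxThresholdMs);
}

class LatencyEvaluator {  // hypothetical name
  public:
    Validation state() const { return state_; }
    // Phase 1: a validation probe came back after latencyMs.
    void onProbe(int latencyMs, std::optional<int> meanDo53Ms) {
        if (state_ == Validation::in_process && !isHigh(latencyMs, meanDo53Ms)) {
            state_ = Validation::success;
            slowInARow_ = 0;
        }
    }
    // Phase 2: a real query was answered after latencyMs.
    void onQuery(int latencyMs, std::optional<int> meanDo53Ms) {
        if (state_ != Validation::success) return;
        if (!isHigh(latencyMs, meanDo53Ms)) { slowInARow_ = 0; return; }  // streak broken
        if (++slowInARow_ >= kSlowInARowLimit) state_ = Validation::in_process;
    }
  private:
    // "High" means above the threshold; equality counting as acceptable is an assumption.
    static bool isHigh(int latencyMs, std::optional<int> meanDo53Ms) {
        return latencyMs > latencyThresholdMs(meanDo53Ms);
    }
    Validation state_ = Validation::in_process;
    int slowInARow_ = 0;
};

int main() {
    LatencyEvaluator e;
    e.onProbe(400, 300);  // constructed sample: mean Do53 300 ms gives a 900 ms threshold
    for (int i = 0; i < 10; ++i) e.onQuery(1000, 300);
    std::printf("threshold=%d revalidating=%d\n", latencyThresholdMs(300),
                e.state() == Validation::in_process);
}
```
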

This code uses LOG(X) for logging. Log levels are VERBOSE, DEBUG, INFO, WARNING and ERROR. The default setting is WARNING, so logs at the WARNING and ERROR levels are shown. To enable DEBUG level logs, use the following command:

    adb shell service call dnsresolver 10 i32 1

The log level values are:

    VERBOSE 0
    DEBUG 1
    INFO 2
    WARNING 3
    ERROR 4

Verbose resolver logs could contain PII -- do NOT enable in production builds.