
Connection coalescing with ORIGIN Frames: fewer DNS queries, fewer connections

What's this blog post about?

The Internet's Domain Name System (DNS) is one of the most critical components of web browsing: clients use it to resolve the hostnames they request into IP addresses. However, DNS queries expose client metadata, such as which websites a user is visiting or interacting with, to network eavesdroppers. Modern browsers reduce this exposure with DNS over HTTPS (DoH), which encrypts queries instead of sending them in plaintext over UDP/TCP port 53, and with Encrypted Client Hello (ECH), which hides the requested server name in the TLS handshake. Neither completely solves the problem, because other metadata still leaks: a page load that fetches resources from several hostnames opens a separate connection to each, and those connections and the lookups behind them remain visible to observers.

HTTP/2 ORIGIN frames (RFC 8336) offer a more effective way to minimize these leaks. With an ORIGIN frame, a server tells the client which other origins it is authoritative for, so that resources for those hostnames can be requested over the connection that is already open, provided the server's certificate also covers them. The client can then coalesce multiple connections into one, which cuts the number of DNS queries and TLS handshakes a page load needs and, with it, the DNS information visible to network observers. In a recent study, researchers at Cloudflare enabled ORIGIN frames for resources served from their cdnjs CDN on over 5000 websites and observed up to a 50% reduction in new TLS connections per second and a 60% decrease in DNS queries. These results show the performance and privacy benefits of ORIGIN frames, and the authors encourage server operators to add support for them on their endpoints.
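The mechanism the summary describes, as an added example that is not code from the Cloudflare post or from cdnjs: a small Python script that serializes and parses the ORIGIN frame wire format from RFC 8336 and then applies the two-part client check (the origin must be in the advertised set, and the certificate must be valid for its host). The origins and certificate names are constructed sample data; a real client would also normalize origins and use its TLS library's name matching, which the simplified san_matches helper here only approximates.

```python
# Added example (not code from the Cloudflare post): build and parse an
# HTTP/2 ORIGIN frame as laid out in RFC 8336, then apply the client-side
# coalescing check. Origin strings and certificate names are constructed
# sample data for illustration.
import struct

ORIGIN_FRAME_TYPE = 0x0C  # RFC 8336: the ORIGIN frame type code
FRAME_HEADER_LEN = 9      # HTTP/2 frame header: 24-bit length, type, flags, 31-bit stream id


def encode_origin_set(origins):
    """Serialize origins as RFC 8336 entries: 16-bit length followed by the ASCII origin."""
    payload = b""
    for origin in origins:
        raw = origin.encode("ascii")
        payload += struct.pack("!H", len(raw)) + raw
    return payload


def build_origin_frame(origins):
    """Wrap the origin set in an HTTP/2 frame header on stream 0 with no flags set."""
    payload = encode_origin_set(origins)
    header = len(payload).to_bytes(3, "big") + bytes([ORIGIN_FRAME_TYPE, 0]) + struct.pack("!I", 0)
    return header + payload


def parse_origin_frame(frame):
    """Return the list of origins carried by a raw ORIGIN frame.

    Raises ValueError if the frame is not an ORIGIN frame or its payload is
    truncated or malformed. Returns None for an ORIGIN frame on a stream other
    than 0: RFC 8336 says such frames are ignored, so the caller keeps its
    previous origin set instead of replacing it.
    """
    if len(frame) < FRAME_HEADER_LEN:
        raise ValueError("short frame header")
    length = int.from_bytes(frame[0:3], "big")
    frame_type = frame[3]
    stream_id = struct.unpack("!I", frame[5:9])[0] & 0x7FFFFFFF
    if frame_type != ORIGIN_FRAME_TYPE:
        raise ValueError("not an ORIGIN frame")
    if stream_id != 0:
        return None
    payload = frame[FRAME_HEADER_LEN:FRAME_HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("truncated frame payload")
    origins = []
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated origin length")
        (origin_len,) = struct.unpack("!H", payload[pos:pos + 2])
        pos += 2
        if pos + origin_len > len(payload):
            raise ValueError("origin entry overruns payload")
        origins.append(payload[pos:pos + origin_len].decode("ascii"))
        pos += origin_len
    return origins


def san_matches(san, host):
    """Simplified certificate name match: exact name, or a wildcard covering exactly one label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        suffix = san[1:]  # "*.cloudflare.com" -> ".cloudflare.com"
        label = host[:-len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label
    return san == host


def can_coalesce(request_origin, origin_set, cert_sans):
    """Client-side decision from RFC 8336: reuse the connection only if the
    origin was advertised in the ORIGIN frame AND the server certificate is
    valid for its host. Origins are compared as exact strings."""
    if "://" not in request_origin or request_origin not in origin_set:
        return False
    host = request_origin.split("://", 1)[1].split(":", 1)[0]
    return any(san_matches(san, host) for san in cert_sans)


def demo():
    # Constructed sample: the server for example.com advertises that it also
    # serves cdnjs.cloudflare.com, and its certificate covers *.cloudflare.com.
    frame = build_origin_frame(["https://example.com", "https://cdnjs.cloudflare.com"])
    origin_set = parse_origin_frame(frame)
    cert_sans = ["example.com", "*.cloudflare.com"]
    return {
        # advertised and certified: no new DNS query or TLS handshake needed
        "coalesce_cdnjs": can_coalesce("https://cdnjs.cloudflare.com", origin_set, cert_sans),
        # certificate covers it, but it was not advertised: must open a new connection
        "coalesce_unlisted": can_coalesce("https://static.cloudflare.com", origin_set, cert_sans),
        # advertised, but the certificate does not cover it: must not coalesce
        "coalesce_uncertified": can_coalesce("https://cdnjs.cloudflare.com", origin_set, ["example.com"]),
    }


if __name__ == "__main__":
    print(demo())
```

The second and third cases in demo() are the checks worth remembering: once a server has sent an ORIGIN frame, a certificate that happens to cover a hostname is no longer sufficient on its own, and an advertised origin that the certificate does not cover must still be refused.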

Company
Cloudflare

Date published
Sept. 4, 2023

Author(s)
Suleman Ahmad, Jonathan Hoyland, Sudheesh Singanamalla

Word count
3190

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.