Re: DNS prefetching
2009-01-13 06:06:44 GMT
Hi
I think DNS prefetching should be less of a concern than HTTP prefetching, given DNS caching.
If your ISP's/network's DNS server is caching, and the link is to a site with a sensible TTL, then
the extra network impact of DNS prefetching should be marginal, especially for popular pages.
Also, the size of the data being transferred with DNS is smaller, and the efficiency is better.
Now, one security concern is if a web page has a huge number of links, all to different host names.
It might be sensible to set a limit, e.g. on any web page, I will prefetch the first 20 hostnames
I see, but stop there. Otherwise, I could insert into an HTML page hidden links to h1.example.com,
h2.example.com, ... up to h1000000.example.com, and then have your web browser blindly issue
1,000,000 DNS queries. Another security requirement would be to have a sensible pause between
each lookup, or else I could use that nasty HTML page to flood your DNS server.
Cheers
Simon
seems to be catching on:
https://addons.mozilla.org/en-US/firefox/addon/8923
and this
http://plasmasturm.org/log/528/
implies that Google's new Chrome browser does it.
I'm curious to know what the IETF community thinks of this. The Web caching community experimented with HTTP prefetching for a while (and I believe that some browsers also dabble with it), but we were burnt by unintended side effects (e.g., taking sites down with the extra traffic, burning up costly bandwidth in non-US locations).
Also, are there any security implications here, considering that DNS-based attacks often rely upon timing?
Cheers,
--
Mark Nottingham http://www.mnot.net/
_______________________________________________
Apps-Discuss mailing list
Apps-Discuss <at> ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss
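
The two limits proposed in Simon's message (a per-page cap on prefetched hostnames and a pause between lookups), sketched as an added example that is not part of the original thread or any browser's code. The names planPrefetch and buildFloodPage, the regex-based link extraction, and the 100 ms pause are assumptions; the message gives only the cap of 20.

```javascript
// Added example: plan DNS prefetches for one page with a cap and pacing.
// Nothing is resolved here; the function only returns the lookup schedule.
const MAX_HOSTS = 20;         // per-page cap suggested in the message
const MIN_INTERVAL_MS = 100;  // assumed pause between lookups

function planPrefetch(html, pageUrl, maxHosts = MAX_HOSTS, intervalMs = MIN_INTERVAL_MS) {
  const pageHost = new URL(pageUrl).hostname;
  const seen = new Set([pageHost]); // the page's own host is already resolved
  const schedule = [];
  let dropped = 0;
  // Simplified href extraction; a browser would walk the parsed DOM instead.
  const hrefRe = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(hrefRe)) {
    let url;
    try { url = new URL(m[1], pageUrl); } catch { continue; } // malformed href
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    const host = url.hostname; // URL normalises the hostname to lower case
    if (seen.has(host)) continue; // count each hostname once
    seen.add(host);
    if (schedule.length >= maxHosts) { dropped++; continue; } // over the cap
    schedule.push({ host, atMs: schedule.length * intervalMs });
  }
  return { schedule, dropped };
}

// Constructed sample page: n hidden links, each to a different hostname,
// plus a same-host link and a mailto link that must not be prefetched.
function buildFloodPage(n) {
  let html = '<a href="/about">About</a><a href="mailto:x@example.org">mail</a>';
  for (let i = 1; i <= n; i++) {
    html += `<a style="display:none" href="http://h${i}.example.com/">x</a>`;
  }
  return html;
}

const demo = planPrefetch(buildFloodPage(1000), 'http://www.example.org/');
console.log(`scheduled ${demo.schedule.length} lookups, dropped ${demo.dropped}`);
```
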