[dns-operations] can UDP really be used for anything in "today's Internet?"
Edward Lewis
Ed.Lewis at neustar.biz
Thu Mar 23 23:13:38 UTC 2006
At 14:18 -0800 3/23/06, Rick Jones wrote:
>With all this talk about spoofing source IPs on DNS queries, open
>relays, amplification and the lack of incentive for BCP38 and such I
>have to wonder - can UDP, with its lack of a "handshake" really be
>used/trusted for anything on "today's Internet?"
I think that's a good question, but probably not right for this
mailing list as our collective wisdom is probably not a global
maximum on transport issues.
>And if so, what implications does that have for DNS?
That's in play though.
I think it'll be important to retain the lightweight nature of UDP
for stub resolvers (the last mile). Whether or not UDP remains (over
the decades) as necessary for the interactions of full-service
servers is something I can see being debated.
I'm not suggesting that DNS (can/should) discontinue UDP as its main
transport, but...
E.g., if we were to say "any router that filters away RFC 1918
addressed packets ought to also filter away UDP port 53" what would
be the implications? What would be the impact on the root servers
and other heavily used authoritative servers?
I am not optimistic that this is "the way to go (tm)." It sounds
like unnecessary complexity for one, and the use of the network layer
protocols to enforce an application layer restriction. But
discussion on this might be enlightening.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Nothin' more exciting than going to the printer to watch the toner drain...
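Added example, not part of the message above: a small Python model of the border filter the post speculates about. It applies an RFC 1918 filter and BCP38 source-address validation to a few constructed packets, then adds the hypothetical "also drop UDP/53" rule and reports which flows each rule set would discard. The interface names, prefixes (RFC 5737 documentation ranges) and packets are all invented for illustration; the point is to see that the spoofed query is already caught by BCP38, while the extra UDP/53 rule also drops the stub resolver's query to its recursive server and the Internet's queries to an authoritative server behind the filter, which is the impact on authoritative servers the post asks about.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 private space; a border router that filters it drops packets with
# a private source or destination.
RFC1918 = [ip_network("10.0.0.0/8"),
           ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]

# BCP38 ingress filtering: a customer-facing interface may only originate
# packets from the prefixes assigned to it.  Interfaces and prefixes are
# constructed for this example (documentation ranges from RFC 5737).
INGRESS_PREFIXES = {
    "cust-a": [ip_network("203.0.113.0/24")],
    "cust-b": [ip_network("198.51.100.0/24")],
}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


def in_any(addr, nets):
    a = ip_address(addr)
    return any(a in n for n in nets)


def rfc1918_filter(pkt):
    """Drop reason if the packet carries an RFC 1918 address, else None."""
    if in_any(pkt.src, RFC1918) or in_any(pkt.dst, RFC1918):
        return "rfc1918"
    return None


def bcp38_filter(pkt):
    """Drop reason if the source does not belong to the ingress interface."""
    allowed = INGRESS_PREFIXES.get(pkt.iface)
    if allowed is None:
        return None            # uplink: no per-customer source validation
    if not in_any(pkt.src, allowed):
        return "bcp38-spoofed-source"
    return None


def udp53_filter(pkt):
    """The post's hypothetical rule: treat UDP/53 like RFC 1918 traffic."""
    if pkt.proto == "udp" and pkt.dport == 53:
        return "udp53"
    return None


BASELINE = (rfc1918_filter, bcp38_filter)


def classify(pkt, rules=BASELINE):
    """First matching rule wins; returns ("drop", reason) or ("pass", None)."""
    for rule in rules:
        reason = rule(pkt)
        if reason:
            return ("drop", reason)
    return ("pass", None)


# Constructed traffic (192.0.2.0/24 plays "the rest of the Internet").
SAMPLE = {
    # stub resolver in cust-a querying an external recursive resolver
    "stub-udp":   Packet("cust-a", "203.0.113.10", "192.0.2.53", "udp", 53),
    "stub-tcp":   Packet("cust-a", "203.0.113.10", "192.0.2.53", "tcp", 53),
    # query from cust-a forging cust-b's address: amplification toward cust-b
    "spoofed":    Packet("cust-a", "198.51.100.7", "192.0.2.53", "udp", 53),
    # private source leaking out of cust-b
    "private":    Packet("cust-b", "192.168.1.5", "192.0.2.53", "udp", 53),
    # Internet querier reaching an authoritative server hosted in cust-a
    "auth-query": Packet("uplink", "192.0.2.77", "203.0.113.53", "udp", 53),
}


def run(rules=BASELINE):
    return {name: classify(pkt, rules) for name, pkt in SAMPLE.items()}


def dropped_legitimate(rules):
    """Names of non-spoofed, non-private flows a rule set would drop."""
    legit = ("stub-udp", "stub-tcp", "auth-query")
    results = run(rules)
    return [n for n in legit if results[n][0] == "drop"]


if __name__ == "__main__":
    for label, rules in (("BCP38 + RFC1918", BASELINE),
                         ("... plus UDP/53", BASELINE + (udp53_filter,))):
        print(label)
        for name, verdict in run(rules).items():
            print(f"  {name:11s} {verdict}")
```

Run as a script it prints the verdict for each constructed packet under both rule sets. The rules are evaluated first-match, so a spoofed UDP/53 query is reported as a BCP38 drop rather than a UDP/53 drop, which keeps the two effects separable when reading the output.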