[dns-operations] can UDP really be used for anything in "today's Internet?"
Ed.Lewis at neustar.biz
Thu Mar 23 23:13:38 UTC 2006
At 14:18 -0800 3/23/06, Rick Jones wrote:
>With all this talk about spoofing source IPs on DNS queries, open
>relays, amplification and the lack of incentive for BCP38 and such I
>have to wonder - can UDP, with its lack of a "handshake" really be
>used/trusted for anything on "today's Internet?"
I think that's a good question, but probably not right for this
mailing list as our collective wisdom is probably not a global
maximum on transport issues.
>And if so, what implications does that have for DNS?
That's in play though.
I think it'll be important to retain the lightweight nature of UDP
for stub resolvers (the last mile). Whether or not UDP remains (over
the decades) as necessary for the interactions of full-service
servers is something I can see being debated.
I'm not suggesting that DNS (can/should) discontinue UDP as it's main
E.g., if we were to say "any router that filters away RFC 1918
addressed packets ought to also filter away UDP port 53" what would
be the implications? What would be the impact on the root servers
and other heavily used authoritative servers?
I am not optimistic that this is "the way to go (tm)." It sounds
like unnecessary complexity for one, and the use of the network layer
protocols to enforce an application layer restriction. But
discussion on this is might be enlightening.
Edward Lewis +1-571-434-5468
Nothin' more exciting than going to the printer to watch the toner drain...
More information about the dns-operations