[dns-operations] charter, sitefinder, opendns (slashdot today)

David Ulevitch davidu at everydns.net
Fri Feb 16 01:33:49 UTC 2007

Paul Vixie wrote:
>> Do we see udp port 53 hijacking as the next step in this ?
> yes.  which is why i'm trying to get mark kosters to dust off his plan for
> carrying DNS messages inside HTML.  udp/53 and tcp/53 are just transports;
> a dns server like BIND could also listen on tcp/80, and if a schema were
> well defined and standardized, then folks like opendns could use it.  then
> we'll see tcp/443 (https) in order to force isp's to keep their hands off.
> naturally i'd've preferred to see DNSSEC, but tactics beat strategy every
> day and twice on sunday, so i'm just saying what i expect will really happen.

And taken to its logical end, that would mean that all services will run on
port 80 and we'll just differentiate based on IP address.

Now, to make this all work, all we need is a reputation service for IP 
addresses[1].  The plan is perfect[2].


1: Hi Karmasphere, Hi Damballa. Hi x, y and z. :-)
2: And it worked so well for spam.

