[dns-operations] Some DNSSEC trivia
Tony Finch
dot at dotat.at
Thu Jan 10 12:49:42 UTC 2008
On Wed, 9 Jan 2008, Paul Vixie wrote:
>
> > I'd rather see that servers respond to 53/TCP in all cases. That way,
> > a resolver which detects that it's under a spoofing attack can fall
> > back to TCP, hopefully relying on the somewhat stronger TCP sequence
> > numbers.
>
> there's just no way to meet the transaction rate requirements, even with
> TTCP if that were universally deployed. state is the enemy of scale.
T/TCP isn't robust enough for use on the public Internet and what
implementations there were have suffered severe bit rot.
http://tcp-impl.grc.nasa.gov/tcp-impl/list/archive/1292.html
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FISHER GERMAN BIGHT: SOUTHWESTERLY 7 TO SEVERE GALE 9, PERHAPS STORM 10 LATER.
ROUGH OR VERY ROUGH. RAIN OR SQUALLY SHOWERS. MODERATE OR POOR.
More information about the dns-operations
mailing list