[dns-operations] Kaminsky: Protect IP Act Would Break DNS

Florian Weimer fw at deneb.enyo.de
Sun Jul 17 11:18:37 UTC 2011

* Joe Greco:

> However, those solutions are much more fraught with peril.  When
> you start interfering with IP addresses, for example, even assuming
> you could inject a v4 /32, you may take down a whole slew of sites
> unrelated to what you are attempting to target.

This is not rocket science.  You route the /32 to the interception
device, and do whatever processing is necessary at the higher protocol
level.  It's probably sufficient if you match on a few characteristic
keywords/bit strings there.  Clean interception based on URIs (or
their application-specific equivalent) is difficult, but would
probably be required by law.

> Are your average authoritative servers actually stressed out by the
> level of traffic?

I think that most traffic to TLD servers is not related to name
resolution in the original sense anyway, so increased resolver traffic
would just recover lost ground there.