[dns-operations] Kaminsky: Protect IP Act Would Break DNS

David Conrad drc at virtualized.org
Sun Jul 17 21:29:41 UTC 2011

On Jul 17, 2011, at 2:57 AM, Dobbins, Roland wrote:
> On Jul 17, 2011, at 7:08 PM, Joe Greco wrote:
>> That's like saying we lack hard data about climate change.
> Beyond knowing that the climate 'changes' four times a year, we do in fact lack any hard data which can be relied upon in even the most cavalier fashion in this arena, so this might not be the best analogy to make.

If you're arguing that folks will ignore data that disagrees with their ideological stance, I'd unfortunately have to agree. 

However, in the context of this thread, data on DNS behavior is somewhat limited.  What we do have suggests to me that an increase in the diversity of query sources and number of queriers would get lost in the vast tracts of crap that already gets thrown at authoritative servers. 

Unfortunately, as someone who for a time ran a local (validating) caching resolver on my laptop, operational reality is that it turns out to be a pain.  There are too many stupid middleboxes and ISPs (T-Mobile Hotspot, I'm looking at you) that block port 53, particularly on user validation.  For example, every time I was at LAX, I'd have to switch my resolv.conf to use T-Mobile's DNS servers so I could connect to a web page to authenticate myself.  If I didn't, I'd get DNS lookup failures in my web browser.  Quite annoying.

Given ISPs now monetize port 53, I have some skepticism this will get better.
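An added example, not part of David Conrad's post, that makes the port-53 check he describes concrete: it sends the same query to an outside resolver and to the network's own (DHCP-provided) resolver, then classifies the result as "port 53 open", "outbound 53 dropped", "captive portal likely" (the local resolver answers a public name with a private address) or "answers differ". The resolver addresses, the probe name and the sample response bytes are assumptions constructed for the example; only the standard library is used.

```python
"""Probe whether a network passes UDP/53 to an outside resolver or
answers (or drops) the query itself.  Added example; resolver addresses,
probe name and sample bytes below are assumptions, not from the post."""
import ipaddress
import random
import socket
import struct

OUTSIDE_RESOLVER = "8.8.8.8"      # assumption: any public recursive resolver
NETWORK_RESOLVER = "10.0.0.1"     # assumption: what DHCP handed the laptop
PROBE_NAME = "example.com"        # assumption: a public name with a public A record


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Minimal DNS query: 12-byte header (RD set) plus one question (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(struct.pack("!B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer: two bytes
            return off + 2
        off += 1 + length


def parse_response(data: bytes) -> dict:
    """Parse the header and collect A-record addresses from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "tc": bool(flags & 0x0200), "answers": addrs}


def probe(server: str, name: str, timeout: float = 2.0) -> dict:
    """Send one UDP query to server:53 and summarise what came back."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"status": "timeout", "answers": []}   # silently dropped
        except OSError as e:
            return {"status": f"error:{e.errno}", "answers": []}  # e.g. ICMP unreachable
    r = parse_response(data)
    if r["id"] != txid:
        return {"status": "bad-txid", "answers": []}
    return {"status": "ok" if r["rcode"] == 0 else f"rcode{r['rcode']}", "answers": r["answers"]}


def classify(external: dict, local: dict) -> str:
    """Compare the outside resolver's result with the network's own resolver."""
    ext_ok, loc_ok = external["status"] == "ok", local["status"] == "ok"
    loc_private = bool(local["answers"]) and all(
        ipaddress.ip_address(a).is_private for a in local["answers"])
    if ext_ok and loc_ok and set(external["answers"]) == set(local["answers"]):
        return "port-53-open"
    if not ext_ok and loc_ok and loc_private:
        return "captive-portal-likely"      # public name resolved to a private address
    if not ext_ok and loc_ok:
        return "port-53-blocked-outbound"   # only the network's resolver is reachable
    if ext_ok and loc_ok:
        return "answers-differ"             # could be CDN geo-steering; inspect by hand
    return "dns-unavailable"


def resolv_conf_for(nameservers) -> str:
    """The resolv.conf one would temporarily switch to while on such a network."""
    return "".join(f"nameserver {ns}\n" for ns in nameservers)


# Constructed sample: a response for example.com with one A record (93.184.216.34).
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22")

if __name__ == "__main__":
    ext, loc = probe(OUTSIDE_RESOLVER, PROBE_NAME), probe(NETWORK_RESOLVER, PROBE_NAME)
    verdict = classify(ext, loc)
    print(verdict, ext, loc)
    if verdict != "port-53-open":
        print("suggested resolv.conf:\n" + resolv_conf_for([NETWORK_RESOLVER]))
```

The probe deliberately uses plain UDP with no DNSSEC or EDNS, since the point is to tell "outbound 53 is dropped" apart from "outbound 53 works but the local resolver disagrees" before a validating resolver ever gets involved; a timeout from the outside resolver together with a private-address answer from the network's resolver is the signature of the captive-portal situation described in the post.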