[dns-operations] Comparing TCP and UDP response times of root name servers
jtk at cymru.com
Wed Nov 21 14:46:40 UTC 2012
On Wed, 21 Nov 2012 14:19:02 +0000
Tony Finch <dot at dotat.at> wrote:
> I doubt it would provide any advantage compared to DNS over TCP.
Your doubt isn't very convincing to me, but I'm not inclined to argue
too strenuously that it would be worth doing in lieu of just utilizing
TCP. Nevertheless, I would certainly be interested in experimenting
with a DNS over DCCP implementation if someone builds it.
> You can't fix an attack by inviting the attackers to change to a more
> well-behaved protocol.
The annoying source-spoofed attacks that result in reflection and
amplification, and, to the degree that they are actually happening in
the wild or not, the Kaminsky-style cache poisoning, would help address
the problem if something like DCCP were to supplant UDP.
Note that there are a number of services over UDP that might benefit from
a change away from UDP for similar reasons. Architecturally, DCCP seems
to make more sense to me than the heavier TCP-based or
application-specific solutions like Donald Eastlake's draft that Paul
pointed to, but I realize deep architectural changes are unlikely.
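The reflection argument above, as an added model that is not part of the original post: a reflector answering a spoofed query over UDP delivers its whole answer to the claimed source, while a DCCP/TCP-like transport delivers only a small handshake reply, because the spoofer never receives the server's token. All sizes, addresses and the `Reflector` class are constructed for illustration.

```python
# Constructed model (not from the post) of why a handshake-based transport
# blunts source-spoofed reflection: over UDP the reflector's full answer goes
# to the claimed source; over a DCCP/TCP-like transport only a small
# handshake reply does, because the spoofer never sees the server's token.
import secrets

QUERY_BYTES = 64       # constructed: small spoofed query
ANSWER_BYTES = 3000    # constructed: large answer, e.g. DNSSEC-signed ANY
HANDSHAKE_BYTES = 40   # constructed: SYN-ACK / DCCP-Response size


class Reflector:
    """A server that sends ANSWER_BYTES once it is allowed to send data."""

    def __init__(self):
        self.delivered = {}   # dst address -> bytes delivered there
        self.tokens = {}      # dst address -> outstanding handshake token

    def _send(self, dst, nbytes):
        self.delivered[dst] = self.delivered.get(dst, 0) + nbytes

    def udp_query(self, src):
        """UDP: no handshake, so the answer goes to whatever source was claimed."""
        self._send(src, ANSWER_BYTES)

    def handshake_request(self, src):
        """Connection-oriented: reply with a small message carrying a token."""
        self.tokens[src] = secrets.token_hex(8)
        self._send(src, HANDSHAKE_BYTES)
        return self.tokens[src]   # only the real owner of `src` receives this

    def handshake_complete(self, src, token):
        """Data flows only if the peer echoes the token it actually received."""
        if self.tokens.pop(src, None) == token:
            self._send(src, ANSWER_BYTES)
            return True
        return False


def amplification(victim, transport, spoofed=True):
    """Bytes the victim receives per byte the attacker (or client) sent."""
    r = Reflector()
    if transport == "udp":
        r.udp_query(victim)
    else:
        token = r.handshake_request(victim)
        # A spoofer never sees the token delivered to the victim and must guess;
        # a legitimate client echoes the token it received.
        r.handshake_complete(victim, "not-the-token" if spoofed else token)
    return r.delivered.get(victim, 0) / QUERY_BYTES
```

With the constructed sizes, `amplification("198.51.100.7", "udp")` gives 46.875 (the full answer reaches the victim), while `amplification("198.51.100.7", "dccp")` gives 0.625 (only the handshake reply does).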