[dns-operations] Force TCP for external queries to Open Resolvers?

Joe Abley jabley at hopcount.ca
Sun Mar 31 16:17:58 UTC 2013

On 2013-03-31, at 12:09, Vernon Schryver <vjs at rhyolite.com> wrote:

>>> Only the DNS people think that. The HTTP people are used to many TCP
>>> connections to manage and do not think it is impossible.
>> So we could abandon DNS/UDP and move exclusively to DNS/TCP?
> No one said that it is "impossible" to handle lots of DNS/TCP connections.

There seems to be an implicit assumption in this thread that when we say DNS over TCP, we mean setting up a TCP session and tearing it down again once per query.

If instead we imagine persistent pools of TCP connections open between stubs and resolvers which are rarely set up or torn down, how is the overhead in bandwidth, latency and CPU cycles substantially different from UDP?

Keeping state for millions of connections sounds like a bit of a nightmare, granted. :-)

And I am not blind to the fact that lacking today's low-hanging DNS fruit, attackers will just switch to some other protocol/service.
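As an added illustration (not part of the thread), the mechanics behind the persistent-connection idea above: on a DNS/TCP connection each message carries a two-octet length prefix (RFC 1035 section 4.2.2), several queries can be pipelined back to back on one connection, and replies must be matched by transaction ID because a resolver may answer them out of order. The "resolver" here is a constructed stand-in that only flips the QR bit; no network is used.

```python
import struct

def build_query(qname: str, txn_id: int, qtype: int = 1) -> bytes:
    """Minimal DNS query in wire format: 12-byte header plus one question (RD set)."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with its length as a two-octet big-endian integer."""
    return struct.pack("!H", len(msg)) + msg

def read_framed(data: bytes):
    """Yield whole DNS messages from a byte stream carrying many framed messages."""
    off = 0
    while off < len(data):
        if len(data) - off < 2:
            raise EOFError("truncated length prefix")
        (length,) = struct.unpack_from("!H", data, off)
        off += 2
        if len(data) - off < length:
            raise EOFError("truncated DNS/TCP message")
        yield data[off:off + length]
        off += length

def pipeline_queries(names) -> bytes:
    """Frame several queries back to back, as a stub would send them on one open connection."""
    return b"".join(frame_tcp(build_query(n, i + 1)) for i, n in enumerate(names))

def fake_resolver(pipelined: bytes) -> bytes:
    """Constructed stand-in for the far end: sets the QR bit on each query and
    returns the replies in reverse order to mimic out-of-order answering."""
    replies = [m[:2] + bytes([m[2] | 0x80]) + m[3:] for m in read_framed(pipelined)]
    return b"".join(frame_tcp(r) for r in reversed(replies))

def demux_by_id(data: bytes) -> dict:
    """Map transaction ID -> reply so each answer can be handed back to the right query."""
    return {struct.unpack("!H", m[:2])[0]: m for m in read_framed(data)}

if __name__ == "__main__":
    sent = pipeline_queries(["example.com", "example.net", "example.org"])
    answers = demux_by_id(fake_resolver(sent))
    for txn_id, reply in sorted(answers.items()):
        print(txn_id, "QR set:", bool(reply[2] & 0x80), "len:", len(reply))
```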


