[dns-operations] DNSCrypt.

Dobbins, Roland rdobbins at arbor.net
Fri May 31 15:24:48 UTC 2013

On May 31, 2013, at 10:17 PM, Paul Wouters wrote:

> Whoever designs a security protocol with no crypto agility should take up another hobby, something nice like gardening or star gazing.

There's no crypto anything inherent in DNS today, heh.  VPN transport-level security is the only option, DNSCrypt being an example of an organic VPN, which greatly reduces the barrier to deployment.

There are many drawbacks to it, don't get me wrong.  I just thought it was interesting, especially given a) the TCP angle and the benefits thereof and b) the additional scaling and other operational drawbacks of SSL, in addition to TCP overhead and misfiltering.

