[dns-operations] resolvers considered harmful

Andrew Sullivan ajs at anvilwalrusden.com
Wed Oct 22 17:16:15 UTC 2014


On Wed, Oct 22, 2014 at 12:47:39PM -0400, Mark Allman wrote:

>   leaving recursive resolution to the clients.  We show that the two
>   primary costs of this approach---loss of performance and an increase
>   in system load---are modest and therefore conclude that this approach
>   is beneficial for strengthening the DNS by reducing the attack
>   surface.

As long as you only count costs _to you_, externalizing costs is often
a good idea.

There's a third cost here, and that is a large increase in costs to
authoritative server operators.  

That might be worth trading off, but it won't do to pretend that isn't
a cost that's incurred.

A


-- 
Andrew Sullivan
ajs at anvilwalrusden.com



More information about the dns-operations mailing list