[dns-operations] resolvers considered harmful
Andrew Sullivan
ajs at anvilwalrusden.com
Wed Oct 22 17:16:15 UTC 2014
On Wed, Oct 22, 2014 at 12:47:39PM -0400, Mark Allman wrote:
> leaving recursive resolution to the clients. We show that the two
> primary costs of this approach---loss of performance and an increase
> in system load---are modest and therefore conclude that this approach
> is beneficial for strengthening the DNS by reducing the attack
> surface.
As long as you only count costs _to you_, externalizing costs is often
a good idea.

There's a third cost here, and that is a large increase in costs to
authoritative server operators.

That might be worth trading off, but it won't do to pretend that isn't
a cost that's incurred.

A
--
Andrew Sullivan
ajs at anvilwalrusden.com