[dns-operations] resolvers considered harmful

David Conrad drc at virtualized.org
Wed Oct 22 18:19:45 UTC 2014


On Oct 22, 2014, at 10:16 AM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>>  leaving recursive resolution to the clients.  We show that the two
>>  primary costs of this approach---loss of performance and an increase
>>  in system load---are modest and therefore conclude that this approach
>>  is beneficial for strengthening the DNS by reducing the attack
>>  surface.
> 
> As long as you only count costs _to you_, externalizing costs is often
> a good idea.
> 
> There's a third cost here, and that is a large increase in costs to
> authoritative server operators.  

That cost is discussed in the paper (section 5).

Regards,
-drc
