[dns-operations] A dns-proxy for DNS over HTTP(s)

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Aug 25 09:29:09 UTC 2015


On Fri, Aug 14, 2015 at 02:46:56PM +0000,
 Shane Kerr <shane at time-travellers.org> wrote 
 a message of 29 lines which said:

> the idea of making DNS over HTTP as a resource available to
> users. [...] Maybe also include some rate-limiting rules to prevent
> these from becoming abusive open resolvers?

Why not. But, since it runs over TCP, there are much lower risks than
with UDP. (By the way, I would like to see a DNS service "public
resolver only reachable with TCP" using the normal DNS protocol. It
would be an useful looking glass, and would avoid the risks documented
in RFC 5358.)




More information about the dns-operations mailing list