[dns-operations] A dns-proxy for DNS over HTTP(s)

Roland Dobbins rdobbins at arbor.net
Tue Aug 25 12:00:23 UTC 2015

On 25 Aug 2015, at 18:36, Stephane Bortzmeyer wrote:

> Many high-profile sites host HTTP (and, now, HTTPS) services and have 
> the experience and the tools to fight dDoS attacks.

Actually, many high-profile organizations do this very poorly - 
surprisingly so.

And it's not just the high-profile organizations I'm worried about.

> To the contrary, there are more software and human resources to deal 
> with TCP services than with UDP ones.

Encryption complicates matters greatly, and DNS traffic/query patterns 
are quite different from Web.

Even without DDoS attacks, scalability is a concern.  Add DDoS attacks, 
and things get a whole lot more complicated and much less scalable.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list