[dns-operations] A dns-proxy for DNS over HTTP(s)
Roland Dobbins
rdobbins at arbor.net
Tue Aug 25 12:00:23 UTC 2015
On 25 Aug 2015, at 18:36, Stephane Bortzmeyer wrote:
> Many high-profile sites host HTTP (and, now, HTTPS) services and have
> the experience and the tools to fight dDoS attacks.
Actually, many high-profile organizations do this very poorly -
surprisingly so.
And it's not just the high-profile organizations I'm worried about.
> To the contrary, there are more software and human resources to deal
> with TCP services than with UDP ones.
Encryption complicates matters greatly, and DNS traffic/query patterns
are quite different from Web.
Even without DDoS attacks, scalability is a concern. Add DDoS attacks,
and things get a whole lot more complicated and much less scalable.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list