[dns-operations] A dns-proxy for DNS over HTTP(s)
ljsong at biigroup.cn
Tue Aug 25 14:43:48 UTC 2015
Sorry, but IMHO the connectionless feature of DNS is becoming the major security vector for launching severe DDoS attacks.
BTW: what concrete scalability concern do you mean? I do not find any DNS requirement that cannot be fulfilled by web technology. Well, if you say you do not have the budget to upgrade the system, that's another story.
From: "Roland Dobbins"<rdobbins at arbor.net>
Date: 2015/08/25 20:00:23
To: "dns-operations"<dns-operations at dns-oarc.net>;
Subject: Re: [dns-operations] A dns-proxy for DNS over HTTP(s)
On 25 Aug 2015, at 18:36, Stephane Bortzmeyer wrote:
> Many high-profile sites host HTTP (and, now, HTTPS) services and have
> the experience and the tools to fight dDoS attacks.
Actually, many high-profile organizations do this very poorly -
And it's not just the high-profile organizations I'm worried about.
> To the contrary, there are more software and human resources to deal
> with TCP services than with UDP ones.
Encryption complicates matters greatly, and DNS traffic/query patterns
are quite different from Web.
Even without DDoS attacks, scalability is a concern. Add DDoS attacks,
and things get a whole lot more complicated and much less scalable.
Roland Dobbins <rdobbins at arbor.net>