[dns-operations] A dns-proxy for DNS over HTTP(s)

Roland Dobbins rdobbins at arbor.net
Wed Aug 26 10:02:13 UTC 2015

On 26 Aug 2015, at 0:43, 宋林健 wrote:

> Sorry, but IMHO the connectionless feature of DNS is becoming the 
> major security vector to launch severe DDOS attack.

I know all about this, as I deal with it every day.

What I'm talking about has nothing to do with that.

What I'm saying is that encrypting DNS queries, whether over UDP or TCP 
or HTTP or whatever, makes it far more difficult and expensive *to 
defend the DNS itself against attacks*.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list