[dns-operations] A dns-proxy for DNS over HTTP(s)

Paul Vixie paul at redbarn.org
Thu Aug 27 04:11:44 UTC 2015



Roland Dobbins wrote:
> On 27 Aug 2015, at 13:46, Mark Delany wrote:
>
>> My point is that DNS-over-TCP/HTTP is viable at Internet scale with
>> network latency characteristics similar to UDP with security
>> characteristics of TCP.
>
> I'm unsure this has been demonstrably proven to be true.

proven, no. successfully modeled, yes. john heidemann's team at USC/ISI
published as follows:

https://ant.isi.edu/tdns/index.html
http://www.isi.edu/~johnh/PAPERS/Zhu15c/index.html
http://www.ietf.org/proceedings/91/slides/slides-91-dprive-5.pdf

i quibbled with any interpretation of this work that would cause an
unsignaled/unnegotiated alteration to the way TCP/53 is used, but that
no longer seems to be on the table. the math itself checks out, in terms
of what modern servers and kernels can do. so in my view, if "T-DNS" as
they were calling it becomes an optional first-priority transport, then
large server operators (root and TLD for example) can easily make it happen.

-- 
Paul Vixie



More information about the dns-operations mailing list