[dns-operations] Storm on the DNS
vixie at tisf.net
Wed Dec 16 05:31:06 UTC 2015
there is in fact a move afoot to allow long-lived tcp/53 connections, by negotiating session
parameters. if this is done carefully and deliberately, then a tcp-serving dns server can be
engineered to support the same volume of connections and transactions as a modern
tcp-serving http server. it just can't be done without negotiation, since existing tcp-serving dns
servers don't know what they can do, and it's often very little.
this is vital for the dns privacy work, which would like to use tls not dtls.
noting, dns-over-http has persistency today. there's code and spec at:
i operate an open dns-over-http rdns server at proxy-dns.tisf.net, fwiw.