[dns-operations] Storm on the DNS

Paul Vixie vixie at tisf.net
Wed Dec 16 05:31:06 UTC 2015

there is in fact a move afoot to allow long-lived tcp/53 connections, by negotiating session parameters. if this is done carefully and deliberately, then a tcp-serving dns server can be engineered to support the same volume of connections and transactions as a modern tcp-serving http server. it just can't be done without negotiation, since existing tcp-serving dns servers don't know what they can do, and it's often very little.


this is vital for the dns privacy work, which would like to use tls not dtls.

noting, dns-over-http has persistency today. there's code and spec at:


i operate an open dns-over-http rdns server at proxy-dns.tisf.net, fwiw.

