[dns-operations] Storm on the DNS

Paul Vixie vixie at tisf.net
Wed Dec 16 05:31:06 UTC 2015


there is in fact a move afoot to allow long-lived tcp/53 connections, by negotiating session parameters. if this is done carefully and deliberately, then a tcp-serving dns server can be engineered to support the same volume of connections and transactions as a modern tcp-serving http server. it just can't be done without negotiation, since existing tcp-serving dns servers don't know what they can do, and it's often very little.

http://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-tcp-keepalive/

this is vital for the dns privacy work, which would like to use tls not dtls.

noting, dns-over-http has persistency today. there's code and spec at:

https://github.com/BII-Lab/DNSoverHTTP

i operate an open dns-over-http rdns server at proxy-dns.tisf.net, fwiw.

vixie

