[dns-operations] Storm on the DNS
Paul Vixie
vixie at tisf.net
Wed Dec 16 05:31:06 UTC 2015
there is in fact a move afoot to allow long-lived tcp/53 connections, by negotiating session
parameters. if this is done carefully and deliberately, then a tcp-serving dns server can be
engineered to support the same volume of connections and transactions as a modern tcp-
serving http server. it just can't be done without negotiation, since existing tcp-serving dns
servers don't know what they can do, and it's often very little.
http://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-tcp-keepalive/
this is vital for the dns privacy work, which would like to use tls not dtls.
noting, dns-over-http has persistency today. there's code and spec at:
https://github.com/BII-Lab/DNSoverHTTP
i operate an open dns-over-http rdns server at proxy-dns.tisf.net, fwiw.
vixie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151215/9d859bb0/attachment.html>
More information about the dns-operations
mailing list