[dns-operations] Storm on the DNS
dns at fl1ger.de
Thu Dec 17 13:06:52 UTC 2015
On 16 Dec 2015, at 1:45, Yonghua Peng wrote:
> May I suggest the next generation DNS protocol should be TCP based?
> like what HTTP DNS does.
> UDP stuff is too easy to be attacked. Thanks.
You can suggest what you want. I and others may disagree with you. If we
switch DNS to TCP there will be a huge cost in implementing this, as TCP
just doesn't scale the way UDP does and as with all things DNS we still
have to support the current protocol for decades.
I'd rather have people working on BCP38 as there are other UDP based
protocols also, and given the current pre-Christmas series of attacks
(there are also a lot of attacks on ISP resolvers at the moment in
addition to the large visible attacks on authoritative servers) I have
some hope that more people finally get it and do something about it.