[dns-operations] Storm on the DNS

Ralf Weber dns at fl1ger.de
Thu Dec 17 13:06:52 UTC 2015


On 16 Dec 2015, at 1:45, Yonghua Peng wrote:

> May I suggest the next generation DNS protocol should be TCP based? 
> like what HTTP DNS does.
> UDP stuff is too easy to be attacked. Thanks.
You can suggest what you want. I and others may disagree with you. If we 
switch DNS to TCP there will be a huge cost in implementing this, as TCP 
just doesn't scale the way UDP does and as with all things DNS we still 
have to support the current protocol for decades.

I'd rather have people working on BCP38 as there are other UDP based 
protocols also, and given the current pre-Christmas series of attacks 
(there are also a lot of attacks on ISP resolvers at the moment in 
addition to the large visible attacks on authoritative servers) I have 
some hope that more people finally get it and do something about it.

So long
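A defender-side illustration of the BCP38 source-address validation the reply points to, added here and not part of the list message: a strict ingress filter that forwards a datagram only if its source address lies in a prefix assigned to the interface it arrived on. Interface names, prefixes and addresses are constructed (documentation ranges), and `bcp38_check`/`filter_batch` are hypothetical names.

```python
# Simulated BCP38 ingress filter (strict source-address validation).
# Added illustration, not code from the dns-operations thread; all prefixes
# and addresses below are constructed documentation ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed table: customer-facing interface -> prefixes assigned to it.
INGRESS_TABLE = {
    "cust-a": [ip_network("198.51.100.0/24")],
    "cust-b": [ip_network("203.0.113.0/25"), ip_network("2001:db8:b::/48")],
}

@dataclass(frozen=True)
class Datagram:
    ingress_if: str  # interface the packet arrived on
    src: str         # claimed source address
    dst: str
    dst_port: int

def bcp38_check(pkt: Datagram, table=INGRESS_TABLE) -> tuple[bool, str]:
    """Return (accept, reason). Only sources inside the prefixes assigned to
    the arriving interface are forwarded; anything else is treated as spoofed,
    so a forged query never reaches a DNS server to be reflected."""
    prefixes = table.get(pkt.ingress_if)
    if prefixes is None:
        return False, "unknown ingress interface"
    src = ip_address(pkt.src)
    if any(src in p for p in prefixes):   # v4/v6 version mismatch yields False
        return True, "source within assigned prefix"
    return False, f"spoofed source {pkt.src} on {pkt.ingress_if}"

def filter_batch(pkts, table=INGRESS_TABLE):
    """Apply the check to a batch; returns {"accepted": [...], "dropped": [...]}."""
    out = {"accepted": [], "dropped": []}
    for p in pkts:
        ok, _ = bcp38_check(p, table)
        out["accepted" if ok else "dropped"].append(p)
    return out

# Constructed traffic: two legitimate DNS queries and one whose source is
# forged to another network's address, the pattern behind reflection floods.
SAMPLE = [
    Datagram("cust-a", "198.51.100.7", "192.0.2.53", 53),
    Datagram("cust-b", "2001:db8:b::10", "2001:db8:1::53", 53),
    Datagram("cust-a", "192.0.2.200", "192.0.2.53", 53),  # forged source
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.ingress_if, p.src, *bcp38_check(p))
```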

