[dns-operations] Writeup of Spring Workshop

Wolff, Nicholas (Nick) nwolff at oar.net
Tue May 12 18:01:32 UTC 2015



On 5/12/15, 1:29 PM, "Paul Vixie" <paul at redbarn.org> wrote:

>
>
>Doug Barton wrote:
>> On 5/11/15 9:27 PM, Paul Vixie wrote:
>>>
>>> doug, i still disagree. i know from friends that the DPRIV WG is
>>> working
>>> on a new port number, that won't be subject to TCP/53's problems, and i
>>> wish them well. meanwhile UDP/53 can work (and mostly does) whereas
>>> TCP/53 can be trivially DoS'd, and must never be depended upon. we can
>>> revisit that topic in detail if you wish. --paul
>>
>> DNS on a new port with a revised protocol is an interesting chimera to
>> chase, but even if the perfect protocol was agreed to tomorrow we
>> would still have at least a 20 year time frame of operating the
>> "legacy" DNS in parallel. So while new, shiny solutions are awesome to
>> talk about, we're not done fixing the thing we have yet. :)
>
>can you rank the following in terms of (a) level of difficulty and MTTR,
>and (b) your willingness to help?
>
>(1) make EDNS0 work near-universally
>(2) use a new port number
>(3) fix TCP/53
>
>i've listed them in my own ease-of-getting-there.
>
>my proposal is a tcp proxy which tunnels dns over http (in binary form,
>no xml or json). to be released shortly.
>
>-- 
>Paul Vixie
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs



So maybe a stupid question, but what is wrong with tcp on port 53
specifically? I understand what is wrong with tcp, but why does the port 53
part matter? Just because it's some known port to easily ddos? What are
the alternatives? A different port with a different tcp syntax? Some
mechanism where, if the udp truncation bit is set, it then passes back a
specific port to use over tcp?

Sorry for the mass of questions, just feel like I'm missing a large piece
of this discussion.

Nick Wolff

Backbone Routing Engineer
Hostmaster
OARnet
1224 Kinnear Road
Columbus, OH 43212
Phone: (614) 247-1517
Fax: (614) 292-9390
email: nwolff at oar.net
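The truncation mechanism asked about above is the fallback RFC 1035 already defines: query over UDP/53, and if the reply carries the TC bit, repeat the same query over TCP/53 with a two-byte length prefix. The following is an added example, not code from this thread or from the proxy Paul Vixie mentions; the function names and the two stub "servers" are assumptions constructed so it runs offline.

```python
import struct
# Added example, not the thread's code: RFC 1035 UDP-then-TCP fallback with constructed stub servers.

def build_query(qname, qid=0x1234, qtype=1):
    """Minimal DNS query: 12-byte header (RD set) plus one IN question."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def is_truncated(msg):
    """True if the TC bit (0x0200 of the flags word) is set."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    return bool(struct.unpack(">H", msg[2:4])[0] & 0x0200)

def tcp_frame(msg):
    """DNS over TCP: 16-bit big-endian length, then the message (RFC 1035 4.2.2)."""
    return struct.pack(">H", len(msg)) + msg

def tcp_unframe(stream):
    """Split a TCP byte stream into complete messages; returns (messages, leftover)."""
    msgs = []
    while len(stream) >= 2:
        n = struct.unpack(">H", stream[:2])[0]
        if len(stream) < 2 + n:
            break  # partial message: wait for more bytes
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

def stub_udp_server(query):
    """Constructed UDP/53 stand-in: same question back with QR|TC|RD|RA (0x8380)."""
    return query[:2] + struct.pack(">H", 0x8380) + query[4:]

def stub_tcp_server(framed_query):
    """Constructed TCP/53 stand-in: same answer without TC, length-prefixed."""
    (q,), _ = tcp_unframe(framed_query)
    return tcp_frame(q[:2] + struct.pack(">H", 0x8180) + q[4:])

def resolve(qname, udp_send=stub_udp_server, tcp_send=stub_tcp_server):
    """Ask over UDP first; on TC=1 repeat over TCP. Returns (reply, transport)."""
    q = build_query(qname)
    reply = udp_send(q)
    if reply[:2] != q[:2]:
        raise ValueError("query ID mismatch")
    if not is_truncated(reply):
        return reply, "udp"
    msgs, rest = tcp_unframe(tcp_send(tcp_frame(q)))
    if rest or len(msgs) != 1:
        raise ValueError("malformed TCP framing")
    return msgs[0], "tcp"
```

The TCP retry is the step that disappears if TCP/53 is unreachable, which is why the thread treats TCP/53 availability as an operational concern rather than a corner case.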




