[dns-operations] DNS-over-TLS in public resolvers

Ralf Weber dns at fl1ger.de
Mon Mar 6 07:28:17 UTC 2017


On 5 Mar 2017, at 17:01, Phillip Hallam-Baker wrote:
> There are two issues, both of which I brought up at the start of DPRIV:
> 1) Must be supported by browsers.
> 2) Protocol MUST be entirely state free
> If you want a protocol to be deployed, you need to solicit input from the
> people who you need for deployment and take notice of it. DNS over anything
> TCP is not going to measure up.

+1. I brought up similar concerns in dprive, but the counter argument was
always that people run web services with it so TCP does scale. The problem
with that argument is that people don't want to invest the same money in DNS
services that they are investing in HTTP services.

Running DNS over TLS for a couple of users is easy, but running it for
millions of users is not easy. As these scaling issues were brushed aside
in the working group, we now have to face them at the deployment stage, or maybe
we won't see widespread deployment.

So long
