[dns-operations] DNS-over-TLS in public resolvers
Marat Khalili
mkh at rqc.ru
Mon Mar 6 08:33:50 UTC 2017
> There are two issues, both of which I brought up at the start of DPRIV:
>
> 1) Must be supported by browsers.
> 2) Protocol MUST be entirely state free
>
> If you want a protocol to be deployed, you need to solicit input from
> the people who you need for deployment and take notice of it. DNS over
> anything TCP is not going to measure up.
DNS-over-TLS in public resolvers would be very useful for small-scale
DNS repeaters in corporations and ISPs. They usually connect to few
public resolvers and can easily keep these connections alive. Persistent
TCP connections place a much lighter burden on firewalls than UDP
requests, so there might be an overall performance gain on both sides.
QUIC, SCTP and similar future technologies can be even better, but are
obviously not ready for deployment here and now. TLS is.
--
With Best Regards,
Marat Khalili