[dns-operations] DNS-over-TLS in public resolvers

Marat Khalili mkh at rqc.ru
Mon Mar 6 08:33:50 UTC 2017

> There are two issues, both of which I brought up at the start of DPRIV:
> 1) Must be supported by browsers.
> 2) Protocol MUST be entirely state free
> If you want a protocol to be deployed, you need to solicit input from 
> the people who you need for deployment and take notice of it. DNS over 
> anything TCP is not going to measure up.
DNS-over-TLS in public resolvers would be very useful for small-scale 
DNS repeaters in corporations and ISPs. They usually connect to few 
public resolvers and can easily keep these connections alive. Persistent 
TCP connections place much lighter burden on firewalls than UDP 
requests, so there might be overall performance gain on both sides.

QUIK, SCTP and similar future technologies can be even better, but are 
obviously not ready for deployment here and now. TLS is.


With Best Regards,
Marat Khalili

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170306/3874c345/attachment.html>

More information about the dns-operations mailing list