[dns-operations] DNS-over-TLS in public resolvers
dns at fl1ger.de
Tue Mar 7 13:12:06 UTC 2017
On 6 Mar 2017, at 16:22, Stephane Bortzmeyer wrote:
> On Mon, Mar 06, 2017 at 08:28:17AM +0100,
> Ralf Weber <dns at fl1ger.de> wrote
> a message of 29 lines which said:
>> Running a DNS over TLS for a couple of users is easy, but running it
>> for millions of users is not easy.
> There are not many DNS servers with millions of users! Most DNS
> servers have much less. The behemoths with a real lot of users (such
> as Google Public DNS) are also the ones who certainly have the
> abilities to make it work large-scale.
Most ISP/Telcos and mobile networks have millions of users easily. And
there are a bunch of them in every country, and these operators are
the people I recall the IETF wants to encourage to participate, yet
we design protocols that put a lot of burden on them.
At the moment for an ISP/Telco DNS is relatively small cost compared to
other network/hosting costs even if they buy a commercial solution. DNS
over TLS will increase that cost a lot for no benefit for them (I
assume they can protect their networks from illegal spying). So I see
no incentive for them to deploy it.
More information about the dns-operations