[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Aug 18 01:18:30 UTC 2021


> On 17 Aug 2021, at 9:07 pm, Ken N <ken at linuxdeveloper.xyz> wrote:
> 
> Does Haskell have the ability to develop such system program as DNS server? Just be curious...

Yes, and concurrency is very well supported, and lots of basic
DNS code is already in the Network.DNS stub resolver.

However, one would probably write a DNS server in Rust for now.
Haskell is a garbage-collected language, and GC occasionally
needs to temporarily stop the world (for ideally brief pauses).

So workloads that are both large memory and low-latency are not
entirely yet quite in scope.

My DANE survey code is high throughput, but does not need low
latency, so I do over 6k qps, but if there's a brief GC hiccup
now and then that's fine.  That's probably not acceptable for
DNS server.

There are however many production web servers in Haskell, and
they're doing fine.

I don't know whether the new non-moving GC would make the Haskell
RTS a good platform for a DNS server.  I might try it some day...

-- 
	Viktor.





More information about the dns-operations mailing list