Hi Tommy

You have the right mind, but I don't know how this draft will fly in
today's world. If you routinely look at packet captures at ISP resolvers
(which handle some of the heaviest query rates of DNS outside CDNs), the
overwhelming majority of queries complete with DNS over UDP. Some
truncated responses cause TCP traffic, but it is the presence of DNS
over UDP that allows these resolvers to perform at the response rates
they do currently (and they still struggle sometimes). DNS over TCP
performance and scalability is still poor compared to DNS over UDP.

Considerations such as the Kaminsky attack needing source port
randomization, fragmentation, etc. are already worked around in
implementations.

> 1.  Introduction

>    Many uses of the DNS require message sizes larger than common path
>    MTUs.  This poses problems for Classic DNS over UDP by requiring

It would be fairer to s/Many/Some/ here as the majority of DNS traffic
as seen in packet captures at ISPs completes (succeeds) over UDP.

                Mukund


_______________________________________________
DNSOP mailing list -- [email protected]
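The behaviour Mukund describes (resolvers answer over UDP, and only a reply with the TC bit set triggers a TCP retry) can be shown on the wire with a small, self-contained script. The following is an added example written for this page; it is not code from the message, from the draft under discussion, or from any DNSOP participant. The query, the three UDP replies and the 192.0.2.1 address are constructed byte strings rather than captured traffic, and example.com is used as a documentation name. Besides the TC check, classify_response() applies the minimal anti-spoofing checks a resolver makes on every UDP reply (transaction ID and question section must match the outstanding query), which is the part of the Kaminsky defence that lives in the message itself; source-port randomisation happens in the socket layer and is not modelled here.

```python
"""DNS over UDP first, TCP only on truncation: constructed example.

Builds a wire-format query, classifies a UDP reply by its header
(ID match, QR, TC), and frames the same query for a TCP retry using
the two-byte length prefix of RFC 1035 section 4.2.2. All sample
responses below are constructed byte strings, not captured traffic.
"""
import struct

QTYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels terminated by the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qid: int, qtype: int = QTYPE_A) -> bytes:
    """Standard query: RD set, one question, no EDNS OPT record."""
    flags = 0x0100  # RD only
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    return header + question


def parse_header(msg: bytes) -> dict:
    """Unpack the 12-byte DNS header into the fields a client acts on."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # response bit
        "tc": bool(flags & 0x0200),   # truncated: retry over TCP
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify_response(query: bytes, response: bytes) -> str:
    """Decide what a resolver does with a UDP reply to `query`.

    "reject"    - ID or question section does not match the outstanding
                  query (the in-message checks against blind spoofing)
    "retry_tcp" - TC set: the answer did not fit, resend over TCP
    "complete"  - usable answer arrived over UDP (the common case)
    """
    hdr = parse_header(response)
    question = query[12:]
    if (hdr["id"] != parse_header(query)["id"]
            or not hdr["qr"]
            or hdr["qdcount"] != 1
            or response[12:12 + len(question)] != question):
        return "reject"
    if hdr["tc"]:
        return "retry_tcp"
    return "complete"


def frame_for_tcp(query: bytes) -> bytes:
    """DNS over TCP prefixes every message with its big-endian length."""
    return struct.pack("!H", len(query)) + query


# --- constructed sample exchange (not captured traffic) -------------------
QID = 0x1234
QUERY = build_query("example.com", QID)
QUESTION = QUERY[12:]

# QR|TC|RD|RA (0x8380), question echoed, no answers: the server could not
# fit the answer into the UDP payload, so the client must retry over TCP.
TRUNCATED = struct.pack("!HHHHHH", QID, 0x8380, 1, 0, 0, 0) + QUESTION

# QR|RD|RA (0x8180) with one A record; owner name is a pointer to offset 12.
ANSWER_RR = (struct.pack("!H", 0xC00C)
             + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 300, 4)
             + bytes([192, 0, 2, 1]))  # 192.0.2.1, documentation range
COMPLETE = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER_RR

# Same answer but a different transaction ID, as a blind spoof would carry.
SPOOFED = struct.pack("!HHHHHH", 0x9999, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER_RR

if __name__ == "__main__":
    for label, resp in (("truncated", TRUNCATED),
                        ("complete", COMPLETE),
                        ("spoofed", SPOOFED)):
        print(f"{label:9s} -> {classify_response(QUERY, resp)}")
    print("TCP length prefix:", frame_for_tcp(QUERY)[:2].hex())
```

Only the "retry_tcp" branch ever produces TCP traffic; a resolver that sees the "complete" branch for the bulk of its replies never opens a TCP connection for them, which is the point about UDP carrying the load. The query here carries no EDNS0 OPT record, so a server would truncate anything over 512 bytes; adding an OPT record with a larger UDP payload size is what makes fragmentation, rather than truncation, the practical concern.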