On Wed, 21 Nov 2012 14:19:02 +0000 Tony Finch <[email protected]> wrote:

> I doubt it would provide any advantage compared to DNS over TCP.

Your doubt isn't very convincing to me, but I'm not inclined to argue too strenuously that it would be worth doing in lieu of just utilizing TCP. Nevertheless, I would certainly be interested in experimenting with a DNS over DCCP implementation if someone builds it.

> You can't fix an attack by inviting the attackers to change to a more
> well-behaved protocol.

The annoying source spoofed attacks that result in reflection and amplification, and to the degree that they are actually happening in the wild or not the Kaminsky-style cache poisoning, would help address the problem if something like DCCP were to supplant UDP. Note, there are a number of services over UDP that might benefit from a change away from UDP for similar reasons. Architecturally DCCP seems to make more sense to me than the heavier TCP-based or application-specific solution like Donald Eastlake's draft Paul pointed to, but I realize deep architectural changes are unlikely.

John
