On 2013-03-31, at 12:09, Vernon Schryver <[email protected]> wrote:

>>> Only the DNS people think that. The HTTP people are used to many TCP
>>> connections to manage and do not think it is impossible.
>
>> So we could abandon DNS/UDP and move exclusively to DNS/TCP?
>
> No one said that it is "impossible" to handle lots of DNS/TCP connections.
There seems to be an implicit assumption in this thread that when we say DNS over TCP, we mean setting up a TCP session and tearing it down again once per query.

If instead we imagine persistent pools of TCP connections open between stubs and resolvers which are rarely set up or torn down, how is the overhead in bandwidth, latency and CPU cycles substantially different from UDP?

Keeping state for millions of connections sounds like a bit of a nightmare, granted. :-)

And I am not blind to the fact that lacking today's low-hanging DNS fruit, attackers will just switch to some other protocol/service.

Joe
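The persistent-connection model Joe describes changes one thing for implementers: on a long-lived TCP connection, messages no longer map one-to-one onto connections, so the receiver has to reassemble length-prefixed DNS messages from an arbitrary byte stream and match responses to queries by ID. The following is an added illustration of that framing, not code from the thread; the query bytes are constructed samples and the chunk boundaries are chosen to simulate a split and a coalesced TCP read.

```python
import struct

def frame_tcp_message(msg: bytes) -> bytes:
    """Prefix a DNS message with the 2-byte big-endian length used on TCP (RFC 1035 s4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

class TcpDnsStream:
    """Reassembles complete DNS messages from a persistent TCP byte stream.

    On a long-lived connection one recv() may return a partial message or
    several messages back to back; bytes are buffered until a whole
    length-prefixed message is available."""
    def __init__(self) -> None:
        self.buf = b""

    def feed(self, data: bytes) -> list[bytes]:
        self.buf += data
        msgs = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + length:
                break  # wait for the rest of this message
            msgs.append(self.buf[2:2 + length])
            self.buf = self.buf[2 + length:]
        return msgs

def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query (header + one question); a constructed sample, not captured traffic."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def message_id(msg: bytes) -> int:
    """The 16-bit ID a stub uses to pair a response with its outstanding query."""
    return struct.unpack("!H", msg[:2])[0]

def demo() -> tuple[list[int], bytes]:
    # Three queries pipelined on one connection, as a stub would over a persistent pool.
    names = ["example.com", "example.net", "example.org"]
    wire = b"".join(frame_tcp_message(build_query(i, n)) for i, n in enumerate(names, start=1))
    # Deliver the bytes as TCP might: a partial first read, then a read spanning two messages.
    stream = TcpDnsStream()
    received = []
    for chunk in (wire[:5], wire[5:40], wire[40:]):
        received.extend(stream.feed(chunk))
    return [message_id(m) for m in received], stream.buf
```

A stub holding such a connection keeps a table of outstanding IDs and uses `message_id()` on each reassembled message to pair it with its query, since nothing forces responses on a shared connection to arrive in the order the queries were sent.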
