On Wed, Oct 22, 2014 at 12:47:39PM -0400, Mark Allman wrote: > leaving recursive resolution to the clients. We show that the two > primary costs of this approach---loss of performance and an increase > in system load---are modest and therefore conclude that this approach > is beneficial for strengthening the DNS by reducing the attack > surface.
As long as you only count costs _to you_, externalizing costs is often a good idea. There's a third cost here, and that is a large increase in costs to authoritative server operators. That might be worth trading off, but it won't do to pretend that isn't a cost that's incurred. A -- Andrew Sullivan [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
