> Matthew Pounsett <mailto:[email protected]>
> Wednesday, October 22, 2014 10:29 AM
>
> The paper also appears to make the assumption that eliminating
> existing resolvers is a thing we can do. Open recursive resolvers
> won’t go away simply because we, as an industry, decide to stop
> setting up new ones. There’s no way to prevent them from sending
> queries (or to selectively block them), and they are almost by
> definition unmanaged, so we cannot expect they will be taken offline
> by their respective administrators.

well, yes, and the fact that the vast majority of current stub resolvers have at least one layer of NAT between them and the internet core (where the authority servers are), as well as IPS and firewall, means that responses to RD=0 queries usually won't get in, and RD=0 queries will even more often not go out. (UDP is evil, didn't you know.)

we can move the stubs to an HTTPS transport if we can agree on a RESTful query API and either JSON or XML schema for responses, but it is not in our power to make UDP, especially fragmented UDP as in EDNS, work in the last mile.

given that this came from ICIR, they ought to have known that. so it's going to be an interesting debate, methinks.

-- 
Paul Vixie
