Doug Barton wrote:
> On 5/11/15 9:27 PM, Paul Vixie wrote:
>>
>> doug, i still disagree. i know from friends that the DPRIV WG is working
>> on a new port number, that won't be subject to TCP/53's problems, and i
>> wish them well. meanwhile UDP/53 can work (and mostly does) whereas
>> TCP/53 can be trivially DoS'd, and must never be depended upon. we can
>> revisit that topic in detail if you wish. --paul
>
> DNS on a new port with a revised protocol is an interesting chimera to
> chase, but even if the perfect protocol was agreed to tomorrow we
> would still have at least a 20 year time frame of operating the
> "legacy" DNS in parallel. So while new, shiny solutions are awesome to
> talk about, we're not done fixing the thing we have yet. :)
can you rank the following in terms of (a) level of difficulty and MTTR,
and (b) your willingness to help?

(1) make EDNS0 work near-universally
(2) use a new port number
(3) fix TCP/53

i've listed them in my own ease-of-getting-there.

my proposal is a tcp proxy which tunnels dns over http (in binary form,
no xml or json). to be released shortly.

-- 
Paul Vixie

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
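The wire-level mechanics behind two of the three items in the list above, as an added example that is not part of the thread and not Paul's proxy code: an EDNS0 query carries an OPT pseudo-RR in the additional section whose CLASS field advertises the sender's UDP payload size (RFC 6891), while TCP/53 carries the same message behind a two-byte length prefix so several messages can share one stream (RFC 1035, section 4.2.2). The hostnames, query ID and 4096-byte payload size are constructed for the example; `build_query`, `frame_tcp`, `unframe_tcp` and `opt_payload_size` are names chosen here, not library functions.

```python
"""Constructed illustration of EDNS0 OPT records and TCP/53 length framing.
Standard library only; nothing here talks to the network."""
import struct

DNS_TYPE_A = 1
DNS_TYPE_OPT = 41
DNS_CLASS_IN = 1


def encode_name(name):
    """Encode 'www.example.com' as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qid=0x1234, udp_payload_size=4096, edns0=True):
    """Build an A query; with edns0=True append an OPT RR advertising
    udp_payload_size (RFC 6891 section 6.1.2). Values are constructed."""
    arcount = 1 if edns0 else 0
    # ID, flags (RD set), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", DNS_TYPE_A, DNS_CLASS_IN)
    msg = header + question
    if edns0:
        # OPT RR: root name, TYPE=41, CLASS=payload size,
        # TTL=extended-rcode/version/flags (all zero), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, udp_payload_size, 0, 0)
    return msg


def frame_tcp(msg):
    """Prefix a DNS message with its 16-bit big-endian length for TCP/53."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(buf):
    """Split a TCP byte stream into complete DNS messages.
    Returns (messages, remainder); remainder is a partial message still
    waiting for more bytes, which a stream reader must keep buffered."""
    msgs = []
    pos = 0
    while len(buf) - pos >= 2:
        (length,) = struct.unpack_from("!H", buf, pos)
        if len(buf) - pos - 2 < length:
            break  # message not yet complete on the stream
        msgs.append(buf[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs, buf[pos:]


def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        ln = msg[pos]
        if ln == 0:
            return pos + 1
        if ln & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + ln


def opt_payload_size(msg):
    """Walk every section and return the UDP payload size from the OPT RR,
    or None when the message carries no EDNS0 (a classic DNS message)."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        if rtype == DNS_TYPE_OPT:
            return rclass
        pos += 10 + rdlen
    return None


if __name__ == "__main__":
    q = build_query("www.example.com")
    print("EDNS0 query bytes:", len(q), "advertised UDP size:", opt_payload_size(q))
    stream = frame_tcp(q) + frame_tcp(build_query("example.net", edns0=False))
    done, rest = unframe_tcp(stream[:-5])  # simulate a read that stops mid-message
    print("complete messages:", len(done), "bytes still buffered:", len(rest))
```

The `unframe_tcp` function is the part a TCP/53 reader most often gets wrong: a single `recv()` can return half a message or one and a half, so the length prefix, not the read boundary, decides where each message ends. `opt_payload_size` walks all sections with compression-pointer handling so it also works on responses, not only on the uncompressed query built here.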
