Phillip Hallam-Baker writes:
> At any rate, nobody seems to like DJB's ideas of eliminating
> recursives or doing anything that would prevent caching.
I've never proposed "eliminating recursives" (caches). What I propose is complete _decentralization_ of the caches: you run your own trusted DNS cache on your own laptop/smartphone/etc., talking directly to the authoritative DNS servers---preferably with end-to-end encryption such as DNSCurve, but there are several advantages even without encryption.

Decentralization has only a small effect on DNS load, compared to centralized ISP caches. See, e.g., Manning's 2009 study:

   http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-2/122_dns.html

Eliminating caches has a much larger effect on DNS load. See, e.g., Section 5 of Shulman's recent paper:

   http://www.ietf.org/mail-archive/web/dns-privacy/current/pdfWqAIUmEl47.pdf

I'm surprised to see people confusing these two obviously different proposals. For example, Kaminsky has incorrectly claimed on several occasions that end-to-end DNS encryption requires "abandoning caching", and similarly Shulman incorrectly presents the cost of uncached DNS as the cost of "end-to-end encryption". In fact, end-to-end encryption requires merely _decentralizing_ DNS caches, not _eliminating_ them. Measuring the cost of uncached DNS is attacking a useless strawman.

I'm also surprised at how little common-sense perspective appears in most discussions of DNS load. The largest DNS sites, such as .com, are provisioned to survive massive distributed denial-of-service attacks, and have no trouble handling small increases in DNS load. For the vast majority of ISPs, HTTP+HTTPS load is a vastly larger cost than DNS load, and again small increases in DNS load (or much larger increases, such as the "send every query two or three times" proposals) are irrelevant.

Note that DNS load is very far from minimized today. People take small TTLs, for example, because they care more about tiny improvements in IP-address agility than about a big increase in their DNS load.
Many years ago I proposed having everyone run a local copy of the root zone and local copies of TLDs on busier sites---a big reduction in overall DNS load---but the reality is that DNS load wasn't a big deal then and is even less important today. Maybe the same idea will make a comeback, but if so then it will be for privacy reasons, not for load reasons.

---Dan

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
