Daniel Kahn Gillmor <[email protected]> writes:

> I hope Wes will answer this question on his own

Basically, one of the reasons the DNS protocol has been so robust is
because of the caching behavior.  It greatly reduces traffic, greatly
speeds up lookups.  Turning off caching would disable much of this
critical infrastructure that the DNS was designed with.  Recent work has
proven that longer TTLs enable zones to survive DDoS attacks because of
caching (https://www.isi.edu/~johnh/PAPERS/Moura18a.pdf).

Instead, we could maybe cache the delay and do something like
"if privacy mode is enabled for the first query missing the cache for name
X, then store [X, delay] for the resolution time.  For all future
requests up until the first non-privacy protected query for X, force a
delayed response but respond from the cache".  That's kinda messy, but at
least it may balance the need to keep the cache with privacy.

> , but i wanted to note that privacy is not only harmed by caches.  it
> can also be helped by caches.

Yep.  I did some experiments around this at the beginning of 2018 for
the NDSS DNS privacy workshop.

Paper: 
http://www.isi.edu/~hardaker/papers/2018-02-ndss-analyzing-root-privacy.pdf

Youtube 1: https://youtu.be/bSKBRMNQ7s0
Youtube 2: https://youtu.be/9YYH8JFH_bY?t=21m0s

-- 
Wes Hardaker
My Pictures:       http://capturedonearth.com/
My Thoughts:       http://blog.capturedonearth.com/

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
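The "cache the delay" sketch above, worked through as an added example (not code from the post or from any real resolver). It simulates a resolver whose cache-hit latency would otherwise tell an observer that somebody else already resolved a name, and shows the per-name delay cache hiding that hit while still answering from cache. Class and function names, the `UPSTREAM_RTT` and `CACHE_HIT_RTT` constants, and the `private` flag on a query are all hypothetical; latencies are modelled as returned numbers rather than real sleeps so the behaviour is deterministic. The sketch's "up until the first non-privacy protected query" is ambiguous about whether that first non-private query is itself delayed; this example delays it once and then drops the entry (an assumption, not something the post states).

```python
"""Toy recursive resolver with a per-name "delay cache" to hide cache hits.

Added example for the dns-privacy thread; not code from the post.
All names and constants below are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

UPSTREAM_RTT = 0.120   # hypothetical time for a full cache-miss resolution (s)
CACHE_HIT_RTT = 0.001  # hypothetical time to answer straight from cache (s)


@dataclass
class Resolver:
    """Caches answers and, when delay_hiding is on, replays miss latency."""
    delay_hiding: bool = True
    cache: Dict[str, str] = field(default_factory=dict)          # name -> answer
    delay_cache: Dict[str, float] = field(default_factory=dict)  # name -> delay

    def _resolve_upstream(self, name: str) -> str:
        # Constructed stand-in for walking the tree; the rdata is irrelevant.
        return f"A {name} 192.0.2.1"

    def resolve(self, name: str, private: bool) -> Tuple[str, float]:
        """Answer one client query; return (answer, observed latency in s).

        private=True marks a query made in "privacy mode".
        """
        if name not in self.cache:
            # Cache miss: the client sees the full upstream latency.
            self.cache[name] = self._resolve_upstream(name)
            if self.delay_hiding and private:
                # Store [X, delay] so later hits can replay the miss time.
                self.delay_cache[name] = UPSTREAM_RTT
            return self.cache[name], UPSTREAM_RTT

        answer = self.cache[name]          # always answered from cache
        forced = self.delay_cache.get(name)
        if forced is None:
            return answer, CACHE_HIT_RTT   # ordinary fast hit
        if not private:
            # First non-private query for X ends the forced delay for
            # everyone after it (assumption: this query is delayed once).
            del self.delay_cache[name]
        return answer, forced              # from cache, but held for the delay


def attacker_distinguishes(delay_hiding: bool) -> bool:
    """True if a non-private observer can tell that a victim resolved NAME.

    Two constructed worlds: in one a victim privately resolved NAME first,
    in the other nobody did. The observer compares the latency it sees.
    """
    name = "example.test."

    with_victim = Resolver(delay_hiding=delay_hiding)
    with_victim.resolve(name, private=True)            # victim's lookup
    _, lat_victim = with_victim.resolve(name, private=False)

    empty = Resolver(delay_hiding=delay_hiding)
    _, lat_empty = empty.resolve(name, private=False)

    # Latencies that differ by more than half a miss time are separable.
    return abs(lat_victim - lat_empty) > UPSTREAM_RTT / 2


def cache_survives() -> Tuple[int, float]:
    """Show the cache is kept: (misses sent upstream, latency after clearing)."""
    name = "example.test."
    r = Resolver()
    misses = 0
    for private in (True, True, False, False):
        before = len(r.cache)
        r.resolve(name, private=private)
        misses += len(r.cache) - before
    _, fast = r.resolve(name, private=False)
    return misses, fast


if __name__ == "__main__":
    print("plain cache leaks hit:", attacker_distinguishes(delay_hiding=False))
    print("delay cache leaks hit:", attacker_distinguishes(delay_hiding=True))
    print("upstream misses, post-clear latency:", cache_survives())
```

Without the delay cache the observer sees a ~1 ms hit versus a ~120 ms miss and learns that someone resolved the name; with it, both worlds look like a miss while only one upstream resolution is ever sent, which is the trade the post is after. Once the first non-private query has cleared the entry, hits for that name are fast again, exactly as the sketch's "up until" wording describes.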
