Moin!

On 30 Oct 2019, at 1:37, Watson Ladd wrote:
> The root zone is data: whether one distributes it via DoT, DoH, IPv6, or
> carrier pigeon is irrelevant to the policies that govern what's in it. And
> furthermore none of the network engineering issues raised against DoH apply
> to recursive to authoritative.
>
> We absolutely can engineer reliable anycast clusters to handle 100,000
> queries a second. That's only 100 cores if each core can do 1000 queries a
> second.
We can and I don’t think Jim questioned that it is technically possible. But
someone has to pay for it and there are layer 9 problems. At some parts of
the DNS infrastructure the margins are thin and increasing your server load
or server footprint for ADoT might be the difference between making a profit
or a loss.

> Akamai handles a substantially greater volume of considerably more
> expensive HTTPS traffic: the DNS queries are part of the HTTPS.
That is true, but we also have way more servers for HTTPS than for DNS, and
while I don’t want to see DNS traffic inside the same channel that delivers
content for various reasons, that for sure won’t happen with ADoT as we are
talking about a resolver and not an end client issuing the queries.

> Encryption at the root is very possible.
It for sure is, but it’s not as easy and I see the root probably being one
of the latest adopters of ADoT. In general that does not matter. We have
to design a protocol first and then maybe look at the special cases some
part of the tree might have.

So long
-Ralf
—--
Ralf Weber

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
