Hi, Scott, Thanks for this interesting information - it would be good to know as a followup what the results are like with persistent TCP (following the RFC recommendations), since the overhead of TCP connection setup for each query/response before TLS resume is significant.
Related to assessment of encrypted DNS in the global Internet, I asked John Todd how much usage of encrypted DNS the Quad9 recursive servers see, and he wrote this (sent with permission): Overall, across all locations, we see around 15% of our traffic is encrypted in some form. However, some locales (nations or regions) are much higher. Amsterdam, for instance, sees around 20% of all traffic encrypted (note that AMS brings in traffic from much more distant locations like Russia, China, and other privacy-challenged regions.) And this rate is more a function of end users vs. forwarding caches. We have relatively few end users on our network - most of our traffic (estimated >80%) comes from forwarding caches of some sort, many of them very large. So the fact that we have 15% encrypted is actually surprising - that means a significant portion of our "end users" are turning on encryption, since we see far fewer forwarding caches using encrypted transport. I don't have numbers to back up those statistics; we don't have a grant for any of that work, so [further aspects of the data go] unexplored. I see Quad9's findings as an indicator that DNS encryption has traction with end users globally. Regards, Allison On Thu, 12 Jun 2025 at 15:36, Hollenbeck, Scott <shollenbeck= [email protected]> wrote: > Earlier today I added text describing Verisign's RFC 9539 Experiment to > GitHub: > > > https://github.com/ietf-wg-dprive/9539-data/blob/main/Verisign's%20RFC%209539%20Experiment > > Scott > > _______________________________________________ > dns-privacy mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ dns-privacy mailing list -- [email protected] To unsubscribe send an email to [email protected]
