On Wed, Apr 2, 2014 at 7:31 PM, Andrew Sullivan <a...@anvilwalrusden.com> wrote:

> On Wed, Apr 02, 2014 at 07:21:11PM -0400, Phillip Hallam-Baker wrote:
>
> > Which is why I have been pushing the notion that if we are going to do
> > DNSE then part of the DNSE solution should be to get us out of the single
> > response packet straightjacket.
>
> I've seen what you've had to say on that, and what I just don't
> understand yet is how that answer is deployable. That is, how is what
> you are suggesting there (and in your other discussions of this topic)
> not "replace DNS"? Or, if it is, why don't we just do a new protocol
> completely? We could fix the internationalization issues. We could
> ditch UDP and in a single blow eliminate a major source of DDoS on the
> Internet. And so on.
>
> The only problem is getting everyone to upgrade. No?

There are three different parts of the protocol:

1) Client -> Resolver
2) Resolver -> Authoritative
3) The DNS data model

Changing 1 is the easiest and also the part that is most in need. We need to find a way round all the crud that is making port 53 pretty much unusable. The privacy concerns are the most restrictive, etc.

Changing 2 is a little harder, but changes to BIND etc. will eventually percolate through.

Changing 3 is a ten-year program at least and is not feasible unless 1 and 2 are addressed first.

-- 
Website: http://hallambaker.com/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
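The "single response packet straightjacket" and the UDP-as-DDoS-source point raised above both come down to one mechanical constraint in classic DNS: an answer either fits in a single UDP datagram (512 bytes without EDNS0, per RFC 1035) or the server sets the TC bit and the client is expected to retry over TCP. The following is an added, self-contained Python illustration of that behaviour, written for this page and not taken from the thread or from any DNS implementation. It builds an A-record response in memory, truncates it when it would exceed the datagram budget, and shows how raising the budget (as EDNS0 does) also raises the amplification ratio an attacker gets from a spoofed query. The function names, the transaction ID, and the 192.0.2.0/24 sample addresses are constructed for the example.

```python
import struct

# Maximum UDP payload for a DNS message when the client offers no EDNS0
# buffer size (RFC 1035, section 4.2.1). EDNS0 lets a client advertise more.
CLASSIC_UDP_MAX = 512
TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word
HEADER_LEN = 12   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name: str) -> bytes:
    """Wire-encode an owner name as length-prefixed labels ending in a zero label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, tid: int = 0x1234) -> bytes:
    """A minimal A/IN query with RD set; this is what an attacker would spoof."""
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(qname: str, addresses, tid: int = 0x1234,
                   max_size: int = CLASSIC_UDP_MAX) -> bytes:
    """Answer an A query, packing as many RRs as fit in max_size bytes.

    If the full answer set does not fit, the response is cut at an RR boundary
    and the TC bit is set, which is the signal for the client to retry over TCP.
    """
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Each RR uses a compression pointer (0xC00C) back to the question name,
    # type A, class IN, TTL 300, RDLENGTH 4, then the IPv4 address: 16 bytes.
    rrs = []
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        rrs.append(struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata)

    size = HEADER_LEN + len(question)
    answers = []
    truncated = False
    for rr in rrs:
        if size + len(rr) > max_size:
            truncated = True
            break
        answers.append(rr)
        size += len(rr)

    flags = 0x8180  # QR=1, RD=1, RA=1, RCODE=NOERROR
    if truncated:
        flags |= TC_FLAG
    header = struct.pack("!HHHHHH", tid, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)


def parse_header(msg: bytes) -> dict:
    """Decode the fields a client needs to decide whether to fall back to TCP."""
    tid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {"id": tid, "tc": bool(flags & TC_FLAG), "qdcount": qd, "ancount": an}


def needs_tcp_retry(msg: bytes) -> bool:
    """RFC 1035 client behaviour: a TC=1 answer is incomplete, so retry over TCP."""
    return parse_header(msg)["tc"]


def amplification_ratio(query: bytes, response: bytes) -> float:
    """Bytes sent to the spoofed victim per byte the attacker had to send."""
    return len(response) / len(query)


if __name__ == "__main__":
    # Constructed sample: 40 addresses from the documentation range 192.0.2.0/24.
    addrs = [f"192.0.2.{i}" for i in range(1, 41)]
    q = build_query("example.com")
    classic = build_response("example.com", addrs)
    edns = build_response("example.com", addrs, max_size=4096)
    print(len(classic), parse_header(classic), needs_tcp_retry(classic))
    print(len(edns), parse_header(edns), round(amplification_ratio(q, edns), 1))
```

With the classic 512-byte budget only 30 of the 40 records fit, TC is set, and a well-behaved client has to open a TCP connection to get the rest; with a 4096-byte EDNS0 budget the whole 669-byte answer goes out in one datagram in reply to a 29-byte query, which is the roughly 23x amplification that makes open resolvers attractive to reflection attackers.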