On Wed, 21 Jan 2015, Paul Vixie wrote:
> even if changing TCP/53's connection semantics could be done without creating new DoS vectors, the small number of DNS TCP initiators and responders who will ever be upgraded
responders do not need to be upgraded for this, as we found out on this list about two years ago when Mark Andrews patched dig and I ran a test with that.
> , would be able to adopt TCP/80 faster. many middleboxes assume that DNS is UDP-only, and a few no doubt proxy the transaction in a way that hijacks the connection management semantics in a way that would (a) pass your new signalling along, but (b) not follow it.
What is the problem with "if you are behind broken middleware, do DNS like it is 1999"? I don't see how that is a reason to start moving to port 80.

Paul

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
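The "do DNS like it is 1999" behaviour referred to above is the classic RFC 1035 transport strategy: send the query over UDP/53 first, and only open a TCP/53 connection (with the two-byte length prefix that TCP DNS requires) when the responder sets the TC bit. The following is an added example, not code from the thread or from any of the participants; it implements that fallback with fake in-process transports so it runs offline, and the `udp_over_socket` / `tcp_over_socket` helpers show what the real wire calls look like. The names `small.example.` and `big.example.` and the 192.0.2.1 answer are constructed test values.

```python
import socket
import struct

TC_FLAG = 0x0200  # truncation bit in the DNS header flags word


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: header (RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header; TC tells us whether to retry over TCP."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & TC_FLAG), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an}


def frame_for_tcp(msg: bytes) -> bytes:
    """TCP/53 carries each message behind a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream: bytes) -> bytes:
    (n,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + n]


def resolve_1999_style(qname: str, udp_send, tcp_send):
    """UDP first; on TC=1 repeat the same query over TCP. Returns (response, transport)."""
    query = build_query(qname)
    resp = udp_send(query)
    hdr = parse_header(resp)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("transaction id mismatch on UDP response")
    if not hdr["tc"]:
        return resp, "udp"
    resp = unframe_from_tcp(tcp_send(frame_for_tcp(query)))
    if parse_header(resp)["id"] != hdr["id"]:
        raise ValueError("transaction id mismatch on TCP response")
    return resp, "tcp"


# Real transports (not exercised offline). Assumed server address is 192.0.2.53.
def udp_over_socket(query: bytes, server=("192.0.2.53", 53), timeout=3.0) -> bytes:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, server)
        return s.recv(4096)


def tcp_over_socket(framed: bytes, server=("192.0.2.53", 53), timeout=3.0) -> bytes:
    with socket.create_connection(server, timeout=timeout) as s:
        s.sendall(framed)
        prefix = s.recv(2)
        (n,) = struct.unpack("!H", prefix)
        body = b""
        while len(body) < n:
            chunk = s.recv(n - len(body))
            if not chunk:
                raise ConnectionError("short read on TCP/53")
            body += chunk
        return prefix + body


# Constructed fake responder: answers big.example. with TC=1 over UDP only.
def _fake_response(query: bytes, truncated: bool) -> bytes:
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (TC_FLAG if truncated else 0)   # QR, RD, RA (+TC)
    question = query[12:]
    if truncated:
        return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question
    # One A record, name compressed as a pointer to the question (0xC00C).
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + rr


def fake_udp(query: bytes) -> bytes:
    return _fake_response(query, truncated=b"\x03big" in query)


def fake_tcp(framed: bytes) -> bytes:
    return frame_for_tcp(_fake_response(unframe_from_tcp(framed), truncated=False))


if __name__ == "__main__":
    for name in ("small.example.", "big.example."):
        resp, transport = resolve_1999_style(name, fake_udp, fake_tcp)
        print(name, transport, parse_header(resp))
```

A middlebox that "assumes DNS is UDP-only" breaks the second leg of this exchange: the TC=1 answer arrives, but the TCP/53 connection never completes, which is why a client should treat a failed TCP retry as a transport problem rather than as a negative answer.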
