> On 18 Jul 2023, at 08:10, David Conrad <[email protected]> wrote:
> 
> Paul,
> 
> On Jul 17, 2023, at 12:52 PM, Paul Vixie <[email protected]> 
> wrote:
>>> If the stability of anybody's infrastructure depends on people choosing a 
>>> particular transport, I would suggest they might have reason to be worried. 
>>> Simply hoping that people don't start using TCP in a significant way is 
>>> putting your stability in a lot of other peoples' hands.
>> also -1. state has mass. avoiding it will remain worthwhile.
> 
> 
> “Please Friendly Malicious Actor, do not send too many TCP DNS requests as it 
> might overwhelm my infrastructure”?
> 
> Joe is (correctly, IMHO) pointing out that given there is a need to support 
> TCP-based DNS queries (see RFC 7766), prudent engineering would suggest you 
> need to prepare for attacks against that infrastructure. As such arguing 
> “state has mass” appears to miss the point.


And most servers will never see a DoS attack.  TCP also puts much more load on 
recursive servers.  It slows down the resolution process.  DoT and DoH put even 
more load on recursive and authoritative servers.  I saw servers the other day 
that were answering UDP in ms but TCP was taking tens of seconds to answer.  
They appear to have fixed whatever the issue was, but it still happened.

> Regards,
> -drc
> 
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [email protected]

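The latency gap described in the message above (UDP answered in milliseconds, TCP in tens of seconds) is easy to check for yourself. What follows is an added example, not code from the thread or from ISC/BIND: a small Python probe that builds a DNS query, times it over UDP, inspects the TC bit to decide whether RFC 7766 fallback to TCP is required, and then times the same query over TCP with the two-octet length framing TCP transport uses. The resolver address and query name are placeholders taken from the command line; the truncated reply used in the test is a constructed sample, not a capture.

```python
"""Compare UDP and TCP DNS response time, with the wire-format plumbing
needed for TCP framing (RFC 1035 s.4.2.2, RFC 7766) and TC-bit fallback."""
import os
import socket
import struct
import sys
import time

DNS_PORT = 53
FLAG_QR = 0x8000   # response bit
FLAG_TC = 0x0200   # truncated: client must retry over TCP
FLAG_RD = 0x0100   # recursion desired


def build_query(qname, qtype=1, txid=None):
    """Build a minimal recursion-desired query for qname/qtype (1 = A)."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")   # random ID, not sequential
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".") if label
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Return the fields of the 12-byte DNS header as a dict."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_retry(query, response):
    """True when a UDP reply matches our query ID and carries TC=1."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and r["id"] == q["id"] and r["tc"]


def frame_tcp(msg):
    """Prefix a message with the two-octet big-endian length used on TCP."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def split_tcp_stream(buf):
    """Split a TCP byte stream into complete messages plus any partial tail.
    Needed because pipelined replies may arrive coalesced or fragmented."""
    messages, pos = [], 0
    while pos + 2 <= len(buf):
        (length,) = struct.unpack("!H", buf[pos:pos + 2])
        if pos + 2 + length > len(buf):
            break                                    # wait for more bytes
        messages.append(buf[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, buf[pos:]


def recv_exact(sock, n):
    """Read exactly n bytes; a stream socket may deliver them in pieces."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full DNS message arrived")
        buf.extend(chunk)
    return bytes(buf)


def probe_udp(server, qname, timeout=2.0):
    """Time one UDP query; also report whether the reply was truncated."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.monotonic()
        s.sendto(query, (server, DNS_PORT))
        resp, _ = s.recvfrom(4096)
        return time.monotonic() - t0, resp, needs_tcp_retry(query, resp)


def probe_tcp(server, qname, timeout=10.0):
    """Time one TCP query, including connection setup, with proper framing."""
    query = build_query(qname)
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
        t0 = time.monotonic()
        s.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        resp = recv_exact(s, length)
        return time.monotonic() - t0, resp


if __name__ == "__main__":
    # Placeholder defaults; pass the resolver to test and a name on the command line.
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com."
    udp_t, udp_resp, truncated = probe_udp(server, name)
    tcp_t, tcp_resp = probe_tcp(server, name)
    print(f"UDP {udp_t * 1000:.1f} ms (rcode {parse_header(udp_resp)['rcode']},"
          f" truncated={truncated})")
    print(f"TCP {tcp_t * 1000:.1f} ms (rcode {parse_header(tcp_resp)['rcode']})")
    print(f"TCP/UDP slowdown: {tcp_t / udp_t:.1f}x" if udp_t > 0 else "UDP time 0")
```

Run it repeatedly against a resolver while watching for a large TCP/UDP ratio; a TCP time in the seconds while UDP answers in milliseconds points at the TCP path (listener backlog, connection limits, idle-timeout handling) rather than at resolution itself. Note that `probe_tcp` includes the handshake, so a modest constant overhead over UDP is expected even on a healthy server.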