Hi,
I have also difficulties finding any benefit of such feature. Shall it
help lowering bandwidth usage for authoritatives or for recursives? I'd
say that for authoritatives in general, legitimate traffic is the
minority, so reducing that would not help much.
I'd oppose the idea of having
Hi Petr,
On Aug 4, 2023, at 05:21, Petr Menšík wrote:
> Again, this proposal is not targeted to gigabit+ links connectivity. This is
> not indented to fight DDoS in data centers. It would be links, where data are
> still counted in kilobytes or megabytes. Satellite links or long range radios
On 8/4/23 10:46, Joe Abley wrote:
On 4 Aug 2023, at 10:12, Peter Thomassen wrote:
A hash over the RRset in question might work, assuming some canonical form is
used (e.g. as used for RRSIG calculation).
In fact, if the requirement is for a hash whose authenticity can be proven by a
relying
On 4 Aug 2023, at 10:12, Peter Thomassen wrote:
> A hash over the RRset in question might work, assuming some canonical form is
> used (e.g. as used for RRSIG calculation).
In fact, if the requirement is for a hash whose authenticity can be proven by a
relying party (which seems important in
On 8/4/23 02:45, Ray Bellis wrote:
On 04/08/2023 00:29, Petr Menšík wrote:
What do you think, would such mechanism be useful even on classic
DNS? Are there already deployed alternatives? How useful something
similar might be? Does such mechanism contain significant drawback,
why it would not
On 8/4/23 01:29, Petr Menšík wrote:
I started thinking, what if we used EDNS0 extension sending version at the
client and asked the server if that has changed in the mean time. Lets call the
extension cache-refresh for example. It might use SOA version number, which I
think common
On 04/08/2023 00:29, Petr Menšík wrote:
What do you think, would such mechanism be useful even on classic DNS?
Are there already deployed alternatives? How useful something similar
might be? Does such mechanism contain significant drawback, why it would
not be a good idea?
Something like
Hello dns experts.
I have been reading paper found on Mastodon [1], called Securing Name
Resolution in the IoT: DNS over CoAP [2]. I found caching optimization
described interesting and started wondering, why we do not have
something similar in normal DNS. The algorithm is described at DNS