> On 12 Jul 2019, at 8:54 am, Lefteris Tsintjelis via bind-users 
> <bind-users@lists.isc.org> wrote:
> 
> On 11/7/2019 22:56, @lbutlr wrote:
>> On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users 
>> <bind-users@lists.isc.org> wrote:
>>> On 11/7/2019 15:35, Tony Finch wrote:
>>>> Lefteris Tsintjelis via bind-users <bind-users@lists.isc.org> wrote:
>>>>> 
>>>>> Why would you want something like that?
>>>> https://datatracker.ietf.org/wg/dprive/about/
>>> 
>>> If you are willing to sacrifice speed.
>> Not really. Using DOH servers now doesn’t have any noticeable impact on 
>> speed of DNS.
> 
> Doesn't the packet size have any impact at all just by itself, excluding 
> packet encryption/decryption times? For me the difference was quite 
> noticeable when I first enabled DNSSEC, especially when I first tested it with 
> SHA256/512. Packets would easily exceed fragmentation limits and that alone 
> is just by using DNSSEC only! I don't know what the impact of DOH would be on 
> the packet size, but I am pretty sure it would be even worse combined with 
> DNSSEC, would it not?

Having fragmented packets doesn’t slow down DNS noticeably as long as your 
firewall allows them through.  Having to perform PMTUD does, however, and this 
applies to both UDP and TCP.

> Lefteris
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
