Mark,

On Jul 17, 2023, at 4:23 PM, Mark Andrews <ma...@isc.org> wrote:
>> Joe is (correctly, IMHO) pointing out that given there is a need to support
>> TCP-based DNS queries (see RFC 7766), prudent engineering would suggest you
>> need to prepare for attacks against that infrastructure. As such arguing
>> “state has mass” appears to miss the point.
> And most servers will never see a DoS attack.

And most servers (particularly the ones that wouldn’t see a DoS attack) wouldn’t notice the strain of TCP-based DNS requests. So?

> TCP also puts much more load on recursive servers. It slows down the
> resolution process. DOT and DOH put even more load on recursive and
> authoritative servers.

Again, missing the point, unless you believe there are going to be fewer TCP-based DNS queries over time and RFC 7766 should be deprecated. Engineering to how the Internet was in the past may not be an optimal strategy.

Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop