Re: [DNSOP] Fwd: HTTPSSVC record draft

2019-07-26 Thread Christian Huitema
Erik, In that case you should take a hard look at caching. The ESNI lookup needs to retrieve the name and the SNI key of the published server. It will remain valid as long as the key or the relationship between published and private does not change. If it is cached, the only required real time

Re: [DNSOP] Fwd: HTTPSSVC record draft

2019-07-26 Thread Erik Nygren
The need to bootstrap ESNI (encrypted SNI) keys via DNS is the forcing function here for clients. They need to do something new here to address that, and if that requires an additional lookup then there is opportunity if other problems can be solved at the same time as long as we don't slow down

Re: [DNSOP] Fwd: HTTPSSVC record draft

2019-07-26 Thread 神明達哉
At Tue, 23 Jul 2019 17:04:43 +0200, Matthijs Mekking wrote:

> But as soon as clients start querying for ANAME (and not address
> records) meaning it will chase the target itself, the DNS server
> actually does not have to do a target lookup anymore.

True, but my understanding is that the key

[DNSOP] I-D Action: draft-moura-dnsop-authoritative-recommendations-05.txt

2019-07-26 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF.

Title : Considerations for Large Authoritative DNS Servers Operators
Authors : Giovane C. M. Moura