[106703] in North American Network Operators' Group
Re: maybe a dumb idea on how to fix the dns problems i don't know....
daemon@ATHENA.MIT.EDU (list-nanog@pwns.ms)
Sun Aug 10 18:01:24 2008
Date: Sun, 10 Aug 2008 22:01:13 +0000
From: list-nanog@pwns.ms
To: nanog@nanog.org
In-Reply-To: <489F633A.2060804@rexconsulting.net>
> But we only care about TCP connection setup time in *interactive*
> sessions (a human using something like the web). If you have a
> persistent connection to your dns server from your dns resolver on your
> browser machine, you just send the request.... no TCP setup there at
> all. You can even pool connections. We do this stuff in LDAP all the time.

Again, if we can change the DNS protocol, then it's easy to solve.
Securing host->recursive name server is, at the moment, not an issue - each host is a small target, and often has little bandwidth available. Furthermore, stopping IP spoofing of one's own hosts within one's networks is, well, not trivial, but not hugely difficult either.