On 12/7/2019 2:42, Mark Andrews wrote:
On 12 Jul 2019, at 8:54 am, Lefteris Tsintjelis via bind-users
<bind-users@lists.isc.org> wrote:
On 11/7/2019 22:56, @lbutlr wrote:
On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users
<bind-users@lists.isc.org> wrote:
On 11/7/2019 15:35, Tony Finch wrote:
Lefteris Tsintjelis via bind-users <bind-users@lists.isc.org> wrote:
Why would you want something like that?

https://datatracker.ietf.org/wg/dprive/about/

If you are willing to sacrifice speed.

Not really. Using DOH servers now doesn’t have any noticeable impact on speed
of DNS.

Doesn't the packet size have any impact at all just by itself, excluding packet
encryption/decryption times? For me the difference was quite noticeable when I
first enabled DNSSEC, especially when I first tested it with SHA256/512. Packets
would easily exceed fragmentation limits and that alone is just by using DNSSEC
only! I don't know what the impact of DOH would be on the packet size, but I am
pretty sure it would be even worse combined with DNSSEC, would it not?

Having fragmented packets doesn’t slow down DNS noticeably as long as your
firewall allows them through. Having to perform PMTUD does however and this
applies to both UDP and TCP.

I believe most modern firewalls allow them nowadays and the speeds are
pretty huge for such packets so I guess fragmentation by itself may not
be as noticeable, but everything all together adds up, and I mean
including DNSSEC and DOH overhead.

Yes, PMTUD applies to both of course and this is the biggest delay of
all. Perhaps it would help if the default packet size of 4000 changed to
a lower value such as 1200-1300 and use ECDSAP256SHA256 as defaults? In
any case, for me, changing those two things made quite a noticeable
response difference and it was not small.

Lefteris
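
Added example, not part of the original thread: a Python estimate of the wire size of a signed DNSKEY answer with RSA-2048 versus ECDSAP256SHA256, checked against a 1232-byte EDNS limit (an assumed value inside the 1200-1300 range mentioned above). The zone name, the key and signature counts, and all function names are constructed for illustration; keys and signatures are zero-filled placeholders of the correct length.

```python
import struct

# Key and signature sizes in bytes: RSA per RFC 3110 (1-byte exponent length,
# 3-byte exponent 65537, 256-byte modulus), ECDSA P-256 per RFC 6605.
ALGS = {
    "RSASHA256-2048": {"num": 8, "key": 1 + 3 + 256, "sig": 256},
    "ECDSAP256SHA256": {"num": 13, "key": 64, "sig": 64},
}

def wire_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def rr(rtype, rdata, ttl=3600):
    """One answer RR whose owner is a compression pointer to the question name."""
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def dnskey_response(zone, alg, keys=2, sigs=1, edns_size=1232):
    """Build a placeholder (zero-filled keys/signatures) DNSKEY answer."""
    a, owner = ALGS[alg], wire_name(zone)
    nlabels = len([l for l in zone.rstrip(".").split(".") if l])
    msg = struct.pack("!6H", 0, 0x8400, 1, keys + sigs, 0, 1)
    msg += owner + struct.pack("!HH", 48, 1)           # question: DNSKEY IN
    for i in range(keys):                               # first key is the KSK
        flags = 257 if i == 0 else 256
        msg += rr(48, struct.pack("!HBB", flags, 3, a["num"]) + bytes(a["key"]))
    for _ in range(sigs):                               # RRSIG over the DNSKEY RRset
        fixed = struct.pack("!HBBIIIH", 48, a["num"], nlabels, 3600, 0, 0, 0)
        msg += rr(46, fixed + owner + bytes(a["sig"]))
    # OPT pseudo-RR: root owner, class = UDP size, TTL carries the DO bit
    return msg + b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000, 0)

def report(zone="example.com", limit=1232):
    """Sizes for steady state (2 keys, 1 sig) and a rollover (3 keys, 2 sigs)."""
    rows = {}
    for alg in ALGS:
        for keys, sigs in ((2, 1), (3, 2)):
            size = len(dnskey_response(zone, alg, keys, sigs, limit))
            rows[(alg, keys, sigs)] = (size, size <= limit)
    return rows

if __name__ == "__main__":
    for (alg, keys, sigs), (size, ok) in report().items():
        print(f"{alg:16} keys={keys} sigs={sigs} {size:5d} bytes  fits={ok}")
```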