On 5/12/15, 1:29 PM, "Paul Vixie" <p...@redbarn.org> wrote:

> Doug Barton wrote:
>> On 5/11/15 9:27 PM, Paul Vixie wrote:
>>>
>>> doug, i still disagree. i know from friends that the DPRIV WG is working
>>> on a new port number, that won't be subject to TCP/53's problems, and i
>>> wish them well. meanwhile UDP/53 can work (and mostly does) whereas
>>> TCP/53 can be trivially DoS'd, and must never be depended upon. we can
>>> revisit that topic in detail if you wish. --paul
>>
>> DNS on a new port with a revised protocol is an interesting chimera to
>> chase, but even if the perfect protocol was agreed to tomorrow we
>> would still have at least a 20 year time frame of operating the
>> "legacy" DNS in parallel. So while new, shiny solutions are awesome to
>> talk about, we're not done fixing the thing we have yet. :)
>
> can you rank the following in terms of (a) level of difficulty and MTTR,
> and (b) your willingness to help?
>
> (1) make EDNS0 work near-universally
> (2) use a new port number
> (3) fix TCP/53
>
> i've listed them in my own ease-of-getting-there.
>
> my proposal is a tcp proxy which tunnels dns over http (in binary form,
> no xml or json). to be released shortly.
>
> --
> Paul Vixie
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

So, maybe a stupid question, but what is wrong with TCP on port 53 specifically? I understand what is wrong with TCP, but why does the port 53 part matter? Just because it's some known port to easily DDoS? What are the alternatives? A different port with a different TCP syntax? Some mechanism where, when the UDP truncation bit is set, it then passes back a specific port to use over TCP? Sorry for the mass of questions; I just feel like I'm missing a large piece of this discussion.
Nick Wolff
Backbone Routing Engineer
Hostmaster
OARnet
1224 Kinnear Road
Columbus, OH 43212
Phone: (614) 247-1517
Fax: (614) 292-9390
email: nwo...@oar.net
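Added example, not code from Paul Vixie, Nick Wolff or anyone else on this thread: the truncation fallback that the last question above asks about, as RFC 1035 actually defines it. In the existing protocol there is no port negotiation at all: the client sends over UDP/53, and if the reply comes back with the TC bit set it repeats the same query over TCP to the same port 53, where every message carries a two-byte length prefix (RFC 1035 section 4.2.2). The server side here is a pair of stand-in functions and every message is constructed by hand, so the script runs offline. The names (build_query, resolve, fake_udp_server and so on) are mine.

```python
# Added example (not code from anyone on this thread): the RFC 1035
# truncation fallback.  A client sends over UDP/53; if the response has the
# TC bit set, it repeats the same query over TCP to the same port 53, where
# each message is prefixed by a two-byte length.  Transports are stand-in
# functions and all messages are constructed, so this runs offline.
import struct

QR_BIT = 0x8000  # response
TC_BIT = 0x0200  # truncated: retry over TCP
RD_BIT = 0x0100  # recursion desired
RA_BIT = 0x0080  # recursion available


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=1):
    """Minimal query: 12-byte header plus one question (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, RD_BIT, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the header fields a resolver needs for the fallback decision."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR_BIT), "tc": bool(flags & TC_BIT),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def frame_tcp(msg):
    """RFC 1035 4.2.2: over TCP every message carries a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split a TCP byte stream into complete messages; return them plus leftover bytes."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + n > len(stream):
            break  # partial message at the tail: keep waiting for more bytes
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]


def resolve(query, udp_send, tcp_send):
    """Send over UDP first; fall back to TCP only when the UDP reply is truncated."""
    txid = parse_header(query)["id"]
    resp = udp_send(query)
    hdr = parse_header(resp)
    if hdr["id"] != txid or not hdr["qr"]:
        raise ValueError("UDP reply does not match the query")
    if not hdr["tc"]:
        return resp, "udp"
    msgs, _ = unframe_tcp(tcp_send(frame_tcp(query)))
    if not msgs:
        raise ValueError("no complete message on the TCP stream")
    if parse_header(msgs[0])["id"] != txid:
        raise ValueError("TCP reply does not match the query")
    return msgs[0], "tcp"


# Constructed stand-in server: its UDP answer is truncated, its TCP answer is complete.
QUERY = build_query("example.com", 0x1234)


def fake_udp_server(q):
    txid = parse_header(q)["id"]
    flags = QR_BIT | RD_BIT | RA_BIT | TC_BIT
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + q[12:]


def fake_tcp_server(framed):
    (q,), _ = unframe_tcp(framed)
    txid = parse_header(q)["id"]
    flags = QR_BIT | RD_BIT | RA_BIT
    # One A record: type 1, class IN, TTL 300, 4-byte rdata (192.0.2.1 is documentation space)
    rr = encode_name("example.com") + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    full = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + q[12:] + rr
    return frame_tcp(full)


def demo():
    """Which transport delivered the answer, and how many answer records it holds."""
    msg, transport = resolve(QUERY, fake_udp_server, fake_tcp_server)
    return transport, parse_header(msg)["ancount"]


if __name__ == "__main__":
    print(demo())  # ('tcp', 1)
```

The unframe_tcp function is the part worth noticing in the context of the TCP/53 discussion: a TCP reader has to buffer until a whole length-prefixed message has arrived, which is exactly the per-connection state a UDP server never has to keep.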