On 12/3/13 5:20 PM, "Stephane Bortzmeyer" <bortzme...@nic.fr> wrote:
>On Mon, Dec 02, 2013 at 01:13:26PM -0500,
> Warren Kumari <war...@kumari.net> wrote
> a message of 35 lines which said:
>
>> > OK. And do note "chaff" may be a by-product of
>> > draft-wkumari-dnsop-hammer.
>>
>> Um, please explain.
>>
>> Hammer (and the various similar, actually implemented things) simply
>> trigger lookups a few seconds before the TTL would naturally expire
>> *in response to an incoming query*.
>
>OK, I was too fast, sorry. Hammer itself does not scramble the stream
>of requests. So, I withdraw the reference to Hammer.
>
>Still, sending gratuitous queries, without an incoming query and
>without waiting for the expiration, may be a good strategy for a
>resolver to make traffic analysis more difficult for the eavesdropper
>(or for the authoritative name servers).

I have read and support this draft with a few exceptions:

Large-scale authoritative name servers (such as our COM/NET footprint) already sort through an enormous stream of query data, so while the chaff might sound nifty, I can't imagine it having a meaningful effect on the ability of authoritative servers to analyze traffic until it reaches DoS volumes. Even for smaller operators this will certainly force changes to infrastructure, but I question whether it will result in a reduced ability to perform traffic analysis.

The other concern that I have is the idea of recursive resolvers holding long-lived sessions open with the authoritative servers. This bears closer analysis, but my experience with COM/NET makes me nervous about that idea. I'd like to hear how other authoritative name server operators feel about the implications of long-lived TCP connections on their name servers.

>_______________________________________________
>DNSOP mailing list
>DNSOP@ietf.org
>https://www.ietf.org/mailman/listinfo/dnsop
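The distinction drawn in the quoted exchange above, between a Hammer-style prefetch (a refresh the resolver issues only because a client query arrived shortly before the TTL runs out) and gratuitous "chaff" queries (sent with no client query behind them and without waiting for expiry), is easy to lose in prose. The following toy resolver cache is an added illustration written for this page; it is not code from the thread, from draft-wkumari-dnsop-hammer, or from any resolver implementation. The TTL, the prefetch window, the fake clock, the TEST-NET-1 addresses and every name in it are assumptions chosen so that it runs offline and deterministically.

```python
# Added example (not from the thread or the draft): a toy resolver cache that contrasts
# Hammer-style prefetch (refresh triggered by an incoming query shortly before TTL expiry)
# with gratuitous "chaff" queries that have no client query behind them.
# TTL, PREFETCH_WINDOW, FakeClock and all names are assumptions for illustration only.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TTL = 30.0              # seconds; constructed TTL for every record in this toy (assumption)
PREFETCH_WINDOW = 3.0   # refresh if a query arrives within this many seconds of expiry (assumption)


class FakeClock:
    """Deterministic clock so the example runs offline and reproducibly."""
    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


@dataclass
class CacheEntry:
    rdata: str
    expires_at: float


@dataclass
class Resolver:
    clock: FakeClock
    cache: Dict[str, CacheEntry] = field(default_factory=dict)
    # Every query sent toward the authoritative side, tagged with why it was sent.
    upstream_log: List[Tuple[str, str]] = field(default_factory=list)

    def _fetch(self, qname: str, reason: str) -> str:
        """Stand-in for an upstream lookup; the rdata is constructed, not a real resolution."""
        self.upstream_log.append((qname, reason))
        rdata = "192.0.2.%d" % (len(self.upstream_log) % 254 + 1)   # TEST-NET-1 address
        self.cache[qname] = CacheEntry(rdata, self.clock.now() + TTL)
        return rdata

    def resolve(self, qname: str) -> str:
        """Answer a client query; this is the only path that can trigger a Hammer prefetch."""
        now = self.clock.now()
        entry = self.cache.get(qname)
        if entry is None or entry.expires_at <= now:
            return self._fetch(qname, "miss")          # ordinary cache miss
        if entry.expires_at - now <= PREFETCH_WINDOW:
            # Hammer behaviour: serve the cached answer, but refresh it early because a
            # client just asked and the TTL is about to run out. A real resolver does the
            # refresh asynchronously; here it is modelled as an immediate upstream entry.
            served = entry.rdata
            self._fetch(qname, "prefetch")
            return served
        return entry.rdata

    def send_chaff(self, qnames: List[str]) -> None:
        """Gratuitous queries: no client asked, and the cache state is ignored."""
        for qname in qnames:
            self._fetch(qname, "chaff")

    def upstream_reasons(self) -> List[str]:
        return [reason for _, reason in self.upstream_log]


def demo() -> List[Tuple[str, str]]:
    """Walk the cache through miss, prefetch, fresh hit and chaff; return the upstream log."""
    clock = FakeClock()
    r = Resolver(clock)
    r.resolve("example.com.")                 # t=0: cache miss, one upstream query
    clock.advance(TTL - 2)
    r.resolve("example.com.")                 # t=28: inside the window, cached answer + prefetch
    clock.advance(5)
    r.resolve("example.com.")                 # t=33: fresh after the prefetch, no upstream query
    r.send_chaff(["example.net."])            # no client behind this one
    return list(r.upstream_log)


if __name__ == "__main__":
    for qname, reason in demo():
        print(f"{reason:9s} {qname}")
```

Note that in `resolve` the upstream query is strictly a function of client-driven cache state (a miss, or a hit inside the prefetch window), which is why the quoted message concedes that Hammer does not scramble the request stream. Only `send_chaff` produces upstream traffic that is decoupled from incoming queries, and that is the traffic whose value against a large authoritative operator the reply above questions.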