maybe a dumb idea on how to fix the dns problems i don't know....

list-nanog at pwns.ms list-nanog at pwns.ms
Sun Aug 10 17:01:13 CDT 2008


> But we only care about TCP connection setup time in *interactive* 
> sessions (a human using something like the web). If you have a 
> persistent connection to your dns server from your dns resolver on your 
> browser machine, you just send the  request.... no TCP setup there at 
> all. You can even pool connections. We do this stuff in LDAP all the time.

Again, if we can change the DNS protocol, then it's easy to solve.

Securing host->recursive name server is, at the moment, not an issue - each host is a small target, and often has little bandwidth available.  Furthermore, stopping IP spoofing of one's own hosts within one's networks is, well, not trivial, but not hugely difficult either. 




More information about the NANOG mailing list