Yet another Quadruple DNS?

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Apr 3 09:54:36 UTC 2018


On Sun, Apr 01, 2018 at 02:03:41PM -0600,
 Paul Ebersman <list-nanog2 at dragon.net> wrote 
 a message of 38 lines which said:

> And EDNS client subnet mostly works.

It is awful, privacy-wise, complicates the cache a lot and seriously
decreases hit rate in cache (since the key to a cached resource is no
longer type+name but type+name+source_address).

> And yes, running your own resolver is more private. So is running
> your own home linux server instead of antique consumer OSs on
> consumer grade gear and using VPNs. But how many folks can do that?

It is not just an issue of knowledge and skills. Even if you have
both, you may lack time, and prefer a shrink-wrapped solution. The
future is in "boxes" which are both ready-to-use (for the guy who
lacks sysadmin skills, and/or lacks time) and open (for the
tinkerer). The Turris Omnia <https://omnia.turris.cz/en/> is a very
good example.

> This also ignores the shift if every house in the world did its own
> recursion. TLD servers and auth servers all over the world would
> have to massively up their capacity to cope.

With my TLD operator hat, I tend to say it is not a problem, we
already have a lot of extra capacity, to handle dDoS.

> As long as ISPs don't actually disallow running of recursive servers

That would be a terrible violation of network neutrality. I hope that
such ISP will go bankrupt.



More information about the NANOG mailing list