Re: [dns-wg] DNS Privacy
On 25 May 2016, at 19:13, Roland van Rijswijk - Deij <Roland.vanRijswijk@surfnet.nl> wrote:
Hi Roland,
I've already run a number of benchmark tests with TLS-enabled Unbound,
That’s interesting, we are doing the same although there still are a couple of features that are missing from Unbound for it to be fully performant/production ready. We have also had a lot of discussions about how existing load balancers might be modified to do the TCP/TLS connection management for DNS, so it would actually be interesting to have resolvers with differing configurations.
and would be willing to host one or two public resolvers at SURFnet that are TLS-enabled. Would that be helpful?
That sounds great.
I even have (relatively) nice IP addresses available ;-) (145.0.0.145 comes to mind).
nice :-)
Sara.
On Thu, May 26, 2016 at 07:58:11AM +0200, Sara Dickinson <sara@sinodun.com> wrote a message of 58 lines which said:
there still are a couple of features that are missing from Unbound for it to be fully performant/production ready.
Out-of-order replies, for instance.
Shameless plug - Knot DNS Resolver has out-of-order replies, query deduplication + pipelining, and TCP fastopen. There's a PR open for DNS/TLS started at the OARC hackathon, but it wasn't finished. It would be terrific if somebody could pick that up, so we could have some real-world useable implementations for testing.
Marek
[1] https://gitlab.labs.nic.cz/knot/resolver/merge_requests/18
On 26 May 2016 at 00:24, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Thu, May 26, 2016 at 07:58:11AM +0200, Sara Dickinson <sara@sinodun.com> wrote a message of 58 lines which said:
there still are a couple of features that are missing from Unbound for it to be fully performant/production ready.
Out-of-order replies, for instance.
Marek Vavruša <marek@vavrusa.com> wrote:
Shameless plug - Knot DNS Resolver has out-of-order replies, query deduplication + pipelining, and TCP fastopen.
Nice :-) One of the improvements in BIND 9.11 is concurrent resolution and out-of-order replies to queries on a TCP connection. GNU adns makes good use of this feature.
Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Shannon: Easterly 3 or 4, increasing 5 or 6 in south. Slight or moderate. Rain later in southwest. Moderate or good.