nanog mailing list archives

Re: "trivial" changes to DNS (was: OpenNTPProject.org)


From: Jared Mauch <jared () puck Nether net>
Date: Thu, 16 Jan 2014 12:55:18 -0500

On Thu, Jan 16, 2014 at 11:39:46AM -0500, Andrew Sullivan wrote:
> On Thu, Jan 16, 2014 at 11:32:05AM -0500, Christopher Morrow wrote:
>
> > pretty easy to believe that quic would be helpful right?
>
> Yes.  It's also pretty easy to believe that ditching DNS completely in
> favour of something without 8 billion warts would be helpful.
>
> > seems totally feasible.
>
> Certainly, it would be possible to standardize it.  Whether it would
> be "trivial" to get it deployed is quite a different matter.  The
> evidence to date is that there is a very, very long tail in any change
> having to do with the DNS.  We are still, to this day, fighting with
> sysadmins who are convinced that firewall rules on TCP/53 are
> perfectly reasonable, even though DNS _always_ used TCP.

        I can point anyone interested to the place in the
BIND source to force it to reply to all UDP queries with TC=1
to force TCP.  Should be safe on any authority servers, as a recursive
server should be able to do outbound TCP.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
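
The TC=1 reply described in the message above, as an added example that is not part of the original post and is not BIND's code: it builds the header-plus-question response an authority could send to any UDP query, which is never larger than the query itself. The function names and the sample query are constructed for illustration.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100  # header flag bits, RFC 1035 section 4.1.1
OPCODE_MASK = 0x7800

def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME, QTYPE, QCLASS)."""
    off = 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed or invalid label in question")
        off += length
    if off + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return off + 4

def truncated_reply(query: bytes) -> bytes:
    """Header-plus-question response with TC=1 for a query that arrived over UDP."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # Echo ID, opcode and RD; set QR and TC; RCODE 0; no answer records.
    rflags = QR | TC | (flags & (OPCODE_MASK | RD))
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + query[12:end]

def build_query(qid: int, name: str, edns: bool = False) -> bytes:
    """Constructed sample input: an A/IN query, optionally with an EDNS OPT record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    opt = b"\0" + struct.pack("!HHIH", 41, 4096, 0, 0) if edns else b""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1 if edns else 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

if __name__ == "__main__":
    q = build_query(0x1234, "example.com", edns=True)
    r = truncated_reply(q)
    print(f"query {len(q)} bytes -> reply {len(r)} bytes, flags {r[2:4].hex()}")
```

A resolver that receives this reply retries the same question over TCP, which is why the approach depends on TCP/53 being reachable.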

