Bind and HTTPS?
Lefteris Tsintjelis
lefty at spes.gr
Thu Jul 11 22:54:06 UTC 2019
On 11/7/2019 22:56, @lbutlr wrote:
> On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users <bind-users at lists.isc.org> wrote:
>> On 11/7/2019 15:35, Tony Finch wrote:
>>> Lefteris Tsintjelis via bind-users <bind-users at lists.isc.org> wrote:
>>>>
>>>> Why would you want something like that?
>>> https://datatracker.ietf.org/wg/dprive/about/
>>
>> If you are willing to sacrifice speed.
>
> Not really. Using DOH servers now doesn’t have any noticeable impact on speed of DNS.
Doesn't the packet size have any impact at all just by itself, excluding
packet encryption/decryption times? For me the difference was quite
noticeable when I first enabled DNSSEC, specially when I first tested it
with SHA256/512. Packets would easily exceed fragmentation limits and
that alone is just by using DNSSEC only! I don't know what the impact of
DOH would be on the packet size, but I am pretty sure it would be even
worst combined with DNSSEC, would it not?
Lefteris
More information about the bind-users
mailing list