On 3/4/13 7:28 PM, Martijn Grooten wrote:
Straight to the point: abusive URLs on legit domains. There's no
(easy/effective) way to encode an entire URL in a DNS request.
At least, that's the reason why I've been thinking about this topic for the
4 years... :-\
Can't you just use HTTP for that?
You could, for sure.
But you won't have redundancy/load_balancing/best_peer_selection in the
client: you'd need to wrap something around it (through SRV records for
the client, and clustering, anycast, geoDNS to direct the client to the
best server, etc).
This will increase the requirements for running such services significantly.
Also you'll move the entire thing to TCP, requiring sessions/sockets,
much more expensive to scale properly, and also much more susceptible to
DDoS than UDP-based protocols.
Then take into account the amount of queries major DNSBLs satisfy at the
moment (on DNS, where there's at least some caching in place): >100Kqps.
All in all, I'm quite confident there are not many entities wanting to
provide service to the internet at large over a similar infrastructure...
Asrg mailing list