David Conrad wrote:
> However, pragmatically speaking, I suspect it is going to be much, much
> easier to get DNSSEC deployed than it would be to get every
> router/firewall/NAT manufacturer and network operator to support/deploy
> SCTP, not to mention getting every DNSSEC server to support DNS over SCTP.

Shouldn't be difficult. I'm not much into either technology, but since
SCTP can be tunneled through UDP, it should be possible to retrofit
SCTP adoption onto an existing DNS implementation. On an OS that
provides SCTP natively, a module inserted between the DNS daemon and
its UDP sockets may operate the UDP/SCTP conversion when the remote
hosts support it. Then, it would just discard spurious incoming UDP
packets, and manage keep-alive settings for SCTP connections. It can
work on a separate host or firewall, without even recompiling the DNS
daemon.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
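
The conversion step discussed in the message above, as an added example that is not part of the original post or of any DNS server's code: it wraps a DNS message in an SCTP packet suitable for use as a UDP payload (the encapsulation defined in RFC 6951) and, on receipt, drops datagrams that fail the verification-tag or CRC32c check. Assumptions: the association is already established so the verification tag is known, the DNS message travels as the user data of a single unfragmented DATA chunk with payload protocol identifier 0, and the ports, tag and query are constructed sample values.

```python
import struct

def crc32c(data: bytes) -> int:
    """CRC32c (Castagnoli), the checksum SCTP uses (RFC 4960, Appendix B)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def build_packet(sport, dport, vtag, tsn, dns_msg):
    """SCTP common header + one unfragmented DATA chunk; this is the UDP payload."""
    # DATA chunk: type 0, flags B|E, length, TSN, stream 0, seq 0, PPID 0 (assumed)
    chunk = struct.pack("!BBHIHHI", 0, 0x03, 16 + len(dns_msg), tsn, 0, 0, 0)
    chunk += dns_msg + b"\x00" * (-len(dns_msg) % 4)   # pad to a 4-byte boundary
    header = struct.pack("!HHII", sport, dport, vtag, 0)  # checksum zeroed first
    # The CRC32c value goes on the wire least-significant byte first
    return header[:8] + struct.pack("<I", crc32c(header + chunk)) + chunk

def extract_dns(udp_payload, expected_vtag):
    """Return the carried DNS message, or None when the datagram must be dropped."""
    if len(udp_payload) < 28:                      # 12-byte header + 16-byte chunk
        return None
    _sport, _dport, vtag = struct.unpack("!HHI", udp_payload[:8])
    (wire_csum,) = struct.unpack("<I", udp_payload[8:12])
    zeroed = udp_payload[:8] + b"\x00" * 4 + udp_payload[12:]
    if vtag != expected_vtag or crc32c(zeroed) != wire_csum:
        return None                                # spurious or corrupted
    ctype, _flags, length = struct.unpack("!BBH", udp_payload[12:16])
    if ctype != 0 or length < 16 or 12 + length > len(udp_payload):
        return None
    return udp_payload[28:12 + length]

def sample_query():
    """Constructed DNS query: A record for example.com, ID 0x1234, RD set."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in (b"example", b"com")) + b"\x00"
    return hdr + qname + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    pkt = build_packet(49152, 53, 0xA1B2C3D4, 1, sample_query())
    print(len(pkt), extract_dns(pkt, 0xA1B2C3D4) == sample_query())
    print(extract_dns(sample_query(), 0xA1B2C3D4))  # plain UDP DNS: dropped
```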