On May 29, 2009, at 12:23 PM, Alessandro Vesely wrote:
> David Conrad wrote:
>> However, pragmatically speaking, I suspect it is going to be much,
>> much easier to get DNSSEC deployed than it would be to get every
>> router/firewall/NAT manufacturer and network operator to
>> support/deploy SCTP, not to mention getting every DNSSEC server to
>> support DNS over SCTP.
>
> Shouldn't be difficult. I'm not much into either technology, but
> since SCTP can be tunneled through UDP, it should be possible to
> retrofit SCTP adoption onto an existing DNS implementation. On an OS
> that provides SCTP natively, a module inserted between the DNS
> daemon and its UDP sockets may operate the UDP/SCTP conversion when
> the remote hosts support it. Then, it would just discard spurious
> incoming UDP packets, and manage keep-alive settings for SCTP
> connections. It can work on a separate host or firewall, without
> even recompiling the DNS daemon.

On FreeBSD/MacOS X you can just code against the normal SCTP socket
API and set a sysctl that outgoing associations should be initiated
via SCTP/UDP/IPv[46].
For incoming associations everything is done automatically.
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf