Re: [dns-privacy] Possible use case: Opportunistic encryption for recursive to authoritative
Ask Bjørn Hansen <ask@develooper.com> Sat, 08 August 2020 21:54 UTC
Return-Path: <ask@develooper.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0DC3A07CB for <dns-privacy@ietfa.amsl.com>; Sat, 8 Aug 2020 14:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=develooper.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rSIpdKQ4Hi_8 for <dns-privacy@ietfa.amsl.com>; Sat, 8 Aug 2020 14:54:34 -0700 (PDT)
Received: from mx-out1.ewr1.develooper.com (mx-out1.ewr1.develooper.com [139.178.64.59]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72FE03A07BE for <dns-privacy@ietf.org>; Sat, 8 Aug 2020 14:54:34 -0700 (PDT)
Received: from mail.develooper.com (kw5.ewr1.develooper.com [147.75.38.195]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx-out1.ewr1.develooper.com (Postfix) with ESMTPS id 36F476E01BD; Sat, 8 Aug 2020 21:54:33 +0000 (UTC)
X-Virus-Scanned: Yes
From: Ask Bjørn Hansen <ask@develooper.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=develooper.com; s=mail; t=1596923671; bh=z1nivOHu4R3NQez44SsXzzTUUJH83Urb4F3xvzY4os4=; h=From:Subject:In-Reply-To:Cc:To:References; b=hN+XfzT9whL4cGIzASBEFnHF1s3NeLcMHxGnlb9nery/Qx1yquiivcK5NVASYKN9a jvJw7rkqB2kZ6ANpBIhcfjkGaQ2C9jfW/HcJChQmzdvrb2f21sClPT7UUROrqE3QJn nsOOqDDhK+OWvSeLUuUITaP4YodD8Z66DNCvIFyQOEhW2Da8JhKloveV7UimHrc27j kksiQkjNCXByiWVdmTjdFaxhT3bLVwXuKHi81NiSiH5qXSHCQwUOrYNqFHwRYWeLOd P+w9OhbRfJ5q+MWB1FJkhvRBzheYRd0qRLRrf1mb8uC9XglGomtoNOYZ0xKbwRbeHH q9DjaS2EAs8NQ==
Message-Id: <9856A472-1148-429A-844E-D561A1C808EB@develooper.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4BC4039D-9571-4866-A800-2D7C98192224"
Mime-Version: 1.0
Date: Sat, 08 Aug 2020 14:54:29 -0700
In-Reply-To: <17f6e4fd-e545-267f-f29e-01d5fb57d017@innovationslab.net>
Cc: dns-privacy@ietf.org
To: Brian Haberman <brian@innovationslab.net>
References: <3BA75997-3DE4-4DF5-B1F5-C57DBC423288@icann.org> <17f6e4fd-e545-267f-f29e-01d5fb57d017@innovationslab.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/SBhjYvOKDeysiRVAVIUSxcCcQiw>
Subject: Re: [dns-privacy] Possible use case: Opportunistic encryption for recursive to authoritative
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2020 21:54:36 -0000
> On Aug 8, 2020, at 11:57 AM, Brian Haberman <brian@innovationslab.net> wrote: > > Does anyone have numbers on how many authoritative servers use anycast > for load balancing? I don’t have data (and haven’t looked into it recently), but I think it’s a very safe assumption that - most of the authoritative servers don’t use anycast - most authoritative queries (for an average resolver) go to servers that use anycast Ask p.s. If you meant “for load balancing” to narrow which anycast deployments you are counting then it’s impossible to figure out unless you talk to each operator to find out what their motivations to use anycast were — performance, load balancing, resiliency, …
- [dns-privacy] Possible use case: Opportunistic en… Paul Hoffman
- Re: [dns-privacy] Possible use case: Opportunisti… Ben Schwartz
- Re: [dns-privacy] [Ext] Possible use case: Opport… Paul Hoffman
- Re: [dns-privacy] Possible use case: Opportunisti… John R. Levine
- Re: [dns-privacy] Possible use case: Opportunisti… Tim Wicinski
- Re: [dns-privacy] Possible use case: Opportunisti… Puneet Sood
- Re: [dns-privacy] Possible use case: Opportunisti… Rob Sayre
- Re: [dns-privacy] Possible use case: Opportunisti… Puneet Sood
- Re: [dns-privacy] Possible use case: Opportunisti… Rob Sayre
- Re: [dns-privacy] Possible use case: Opportunisti… Manu Bretelle
- Re: [dns-privacy] Possible use case: Opportunisti… John Levine
- Re: [dns-privacy] Possible use case: Opportunisti… Rob Sayre
- Re: [dns-privacy] Possible use case: Opportunisti… Paul Wouters
- Re: [dns-privacy] Possible use case: Opportunisti… Brian Haberman
- Re: [dns-privacy] Possible use case: Opportunisti… Ask Bjørn Hansen
- Re: [dns-privacy] Possible use case: Opportunisti… Paul Ebersman
- Re: [dns-privacy] [Ext] Possible use case: Opport… Paul Hoffman
- Re: [dns-privacy] Possible use case: Opportunisti… Peter van Dijk
- Re: [dns-privacy] Possible use case: Opportunisti… Peter van Dijk
- Re: [dns-privacy] [Ext] Possible use case: Opport… Brian Haberman
- Re: [dns-privacy] Possible use case: Opportunisti… Tony Finch
- Re: [dns-privacy] Possible use case: Opportunisti… Paul Wouters
- [dns-privacy] TLSA for secure resolver-auth trans… Peter van Dijk
- Re: [dns-privacy] Possible use case: Opportunisti… Vladimír Čunát
- Re: [dns-privacy] [Ext] Possible use case: Opport… Paul Hoffman
- Re: [dns-privacy] TLSA for secure resolver-auth t… Ilari Liusvaara
- Re: [dns-privacy] TLSA for secure resolver-auth t… Paul Wouters
- Re: [dns-privacy] [Ext] TLSA for secure resolver-… Paul Hoffman
- Re: [dns-privacy] TLSA for secure resolver-auth t… Vladimír Čunát
- Re: [dns-privacy] TLSA for secure resolver-auth t… Paul Wouters
- Re: [dns-privacy] Possible use case: Opportunisti… Viktor Dukhovni
- Re: [dns-privacy] TLSA for secure resolver-auth t… Peter van Dijk