There are three categories of broken #DNS resolvers, regarding ATR: "can't receive fragments", "can't retry with TCP" and those who have both curses. What are the sizes of these categories?

#RIPE76

Apparently, #RIPE76 takes place in a very dangerous city: https://twitter.com/ripemeeting/status/996687632133427200

#DNS Working Group, second session, at #RIPE76 DNS privacy, DNS over TLS, etc.

Colin Petrie about the deployment of the DNS-over-TLS resolver at the #RIPE76 meeting

Uses Knot Resolver with 10 lines of a #Lua plugin to improve DNS64. (Because BIND still has no QNAME minimisation and no TLS ; Unbound has almost everything but no address-specific DNS64)

Anand Buddhev on the #DNS RIPE-NCC services. New K-root instances in Lyon (second one in France), Duchanbe, Panama... #RIPE76

#DNS zone transfers of RIPE-NCC services are now exclusively on #IPv6 (just one IPv4 fallback remaining, for Afrinic). #RIPE76

#DNS config (zones under ip6.arpa and in-addr.arpa) is checked with #Zonemaster https://zonemaster.ripe.net/ Soon to be integrated under RIPEstat.

#RIPE76

Victoria Risk on stage about a #DNS #privacy survey done by ISC. #RIPE76

"Business benefits and costs of #privacy for operators". The US approach to privacy online... Very oriented questions such as "do you think [#DNS #privacy] is another example of over-engineering?" #RIPE76

Around 100 answers, and results are displayed with four digits... #statistics #RIPE76

. @zorun on stage "Large-scale #DNS over #TCP - or #TLS" Practical or not? #RIPE76 #deathToUDP

Ping @quota_atypique

"What is every home router would have a persistent TCP connection with the ISP #DNS resolver?" Is it realistic? Could we switch off UDP? #RIPE76

Meausrement: #DNS queries generated with a custom C progrem + #libevent running on Grid5000

At the beginning, the resolver can answer all queries then sustain a fixed rate, even when the queries number increases.

#RIPE76

UDP still 4x better for high query handling, except when there are few TCP clients. #DNS #RIPE76

Best test :-) 6.5 M TCP simultaneous connections to the resolver (Linux and Unbound still work). #RIPE76

Executive summary: DNS over TCP works, and scales. Just buy some hardware. #RIPE76

"Default value was 10, I've set it to 7 millions." #RIPE76 #performance #Unbound #scaling