On Sun, Apr 01, 2018 at 02:03:41PM -0600, Paul Ebersman <list-nanog2@dragon.net> wrote a message of 38 lines which said:
> And EDNS client subnet mostly works.
It is awful, privacy-wise, complicates the cache a lot and seriously decreases hit rate in cache (since the key to a cached resource is no longer type+name but type+name+source_address).
> And yes, running your own resolver is more private. So is running your own home Linux server instead of antique consumer OSs on consumer grade gear and using VPNs. But how many folks can do that?
It is not just an issue of knowledge and skills. Even if you have both, you may lack time, and prefer a shrink-wrapped solution. The future is in "boxes" which are both ready-to-use (for the guy who lacks sysadmin skills, and/or lacks time) and open (for the tinkerer). The Turris Omnia <https://omnia.turris.cz/en/> is a very good example.
> This also ignores the shift if every house in the world did its own recursion. TLD servers and auth servers all over the world would have to massively up their capacity to cope.
With my TLD operator hat, I tend to say it is not a problem, we already have a lot of extra capacity, to handle DDoS.
> As long as ISPs don't actually disallow running of recursive servers
That would be a terrible violation of network neutrality. I hope that such ISPs will go bankrupt.
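The cache-key effect raised in the reply above (type+name versus type+name+client subnet), as an added Python simulation that is not part of the original thread. The names, client addresses and per-zone scope lengths are constructed; the scope handling follows RFC 7871's SOURCE/SCOPE PREFIX-LENGTH semantics, so it also shows the case where a zone answers with scope 0 and the cache does not fragment.

```python
from ipaddress import ip_address, ip_network

# Constructed per-zone behaviour: the SCOPE PREFIX-LENGTH each name returns in
# its ECS option (RFC 7871). Scope 0 means the answer is the same for every
# client, so one cache entry serves all; scope 24 means a distinct answer per
# /24, so the cache fragments by client subnet.
SCOPE = {"cdn.example.": 24, "static.example.": 0}

# Constructed clients: two in the same /24, two in other /24s.
CLIENTS = ["192.0.2.10", "192.0.2.200", "198.51.100.20", "203.0.113.30"]
# Each client asks for both names twice, so the repeats should be cache hits.
QUERIES = [("A", name, c) for _ in range(2) for c in CLIENTS for name in SCOPE]


def lookup_upstream(qname, client_net=None):
    """Hypothetical authoritative lookup. With a client subnet the answer comes
    back with the zone's scope; with no ECS sent it is valid for everyone."""
    scope = SCOPE[qname] if client_net is not None else 0
    scope_net = client_net.supernet(new_prefix=scope) if scope else ip_network("0.0.0.0/0")
    return scope_net, f"A-record for {qname}, valid for {scope_net}"


def simulate(queries, ecs_enabled):
    """Return (hits, misses). The cache maps (qtype, qname) to a list of
    (scope_net, answer); a query hits only an entry whose scope network
    contains the client. Without ECS every entry covers 0.0.0.0/0, which is
    the classic type+name key."""
    cache = {}
    hits = misses = 0
    for qtype, qname, client in queries:
        entries = cache.setdefault((qtype, qname), [])
        if any(ip_address(client) in net for net, _ in entries):
            hits += 1
            continue
        misses += 1
        if ecs_enabled:
            # The resolver truncates the client address to a /24 SOURCE PREFIX-LENGTH
            client_net = ip_network(f"{client}/24", strict=False)
            entries.append(lookup_upstream(qname, client_net))
        else:
            entries.append(lookup_upstream(qname))
    return hits, misses


if __name__ == "__main__":
    for ecs in (False, True):
        h, m = simulate(QUERIES, ecs)
        print(f"ECS {'on ' if ecs else 'off'}: {h} hits, {m} misses, hit rate {h / (h + m):.0%}")
```

On this constructed stream the hit rate drops from 14/16 to 12/16 with ECS on, and only the scope-24 name fragments; a zone that returns scope 0 costs nothing extra.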