10 Aug 2008, 6:01 p.m.
But we only care about TCP connection setup time in *interactive* sessions (a human using something like the web). If you have a persistent connection to your DNS server from your DNS resolver on your browser machine, you just send the request... no TCP setup there at all. You can even pool connections. We do this stuff in LDAP all the time.
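As an added illustration of the persistent-connection idea in the post above (example code written for this page, not from the original thread or any resolver project): RFC 1035 DNS-over-TCP framing, several queries pipelined on one connection, and answers matched back to queries by transaction ID. The function names, the constructed packets, and the resolver address passed to `pipelined_lookup` are this example's own assumptions.

```python
import random
import socket
import struct

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """RFC 1035 query: 12-byte header (RD set, one question) + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP (RFC 1035 section 4.2.2): each message is preceded by its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def split_tcp_stream(buf: bytes):
    """Split a stream of length-prefixed messages; return (complete messages, leftover bytes)."""
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break                      # partial message: wait for more data
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

def match_responses(pending: dict, responses: list) -> dict:
    """Pair responses with outstanding queries by transaction ID.
    A message whose ID is not pending, or whose QR bit is clear, is discarded;
    on a single TCP stream only an on-path party could inject such a message anyway."""
    matched = {}
    for resp in responses:
        (txid,) = struct.unpack("!H", resp[:2])
        if txid in pending and resp[2] & 0x80:
            matched[txid] = (pending.pop(txid), resp)
    return matched

def pipelined_lookup(resolver: str, names: list, port: int = 53, timeout: float = 3.0) -> dict:
    """Send several queries back-to-back over ONE TCP connection and collect the answers.
    Transaction IDs are drawn without replacement so two in-flight queries never share one.
    Network call with a caller-supplied resolver address; not exercised offline."""
    pending = dict(zip(random.sample(range(65536), len(names)), names))
    with socket.create_connection((resolver, port), timeout=timeout) as s:
        s.sendall(b"".join(frame_tcp(build_query(t, n)) for t, n in pending.items()))
        buf, got = b"", {}
        while pending:
            chunk = s.recv(4096)
            if not chunk:
                break                  # resolver closed the connection early
            msgs, buf = split_tcp_stream(buf + chunk)
            got.update(match_responses(pending, msgs))
    return got
```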
Again, if we can change the DNS protocol, then it's easy to solve. Securing host->recursive name server is, at the moment, not an issue - each host is a small target, and often has little bandwidth available. Furthermore, stopping IP spoofing of one's own hosts within one's networks is, well, not trivial, but not hugely difficult either.