0005-DNS change proposal: Cache names longer with confidence #59
Web servers and DNS may be hijacked and return the wrong Dat key. This new caching method allows for name resolution caching to grow linearly as confidence in the returned result increases over time.
E.g. if a name was first resolved three days ago, it can be cached for up to six additional days if we're confident in the resolver result. After two weeks, the name can be cached for four weeks and so on. The domain owner still controls the maximum caching time with the TTL.
Increases performance and privacy while making clients less susceptible to centralized/decentralized service disruptions (such as a DDoS or a server running out of memory). Reduces dependency on servers.
I've written an article, "Well-Known URI vs DNS-SD for routing distributed web service discovery around internet censorship (and disruptions)", that has some more context on why these changes are necessary.
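The caching rule described above, sketched as an added example that is not part of the pull request or the Dat code base. The growth factor of 2 is read off the description's figures (three days gives six, two weeks gives four); the one-hour floor, the record shape, the placeholder keys and the rule that a changed key resets confidence are assumptions.

```javascript
// Added example. GROWTH_FACTOR, MIN_LIFETIME, the record shape and the
// reset-on-key-change rule are assumptions, not text from the proposal.
const DAY = 24 * 60 * 60;   // seconds
const GROWTH_FACTOR = 2;    // 3 days of agreement -> 6 more days; 2 weeks -> 4 weeks
const MIN_LIFETIME = 3600;  // assumed floor for a key with no history yet

// Seconds a result may be cached, given when the current key was first seen.
// The domain owner's TTL is always the upper bound.
function cacheLifetime(firstSeen, now, ttl) {
  const age = Math.max(0, now - firstSeen);
  return Math.min(ttl, Math.max(MIN_LIFETIME, GROWTH_FACTOR * age));
}

// Fold a fresh lookup result into the cache record for one name.
function updateRecord(record, key, ttl, now) {
  // A key that differs from the cached one discards accumulated confidence,
  // so a newly seen key always starts at the minimum lifetime.
  const firstSeen = record && record.key === key ? record.firstSeen : now;
  return { key, firstSeen, expires: now + cacheLifetime(firstSeen, now, ttl) };
}

// Constructed sample: placeholder keys, times in seconds since the first lookup.
function demo() {
  const ttl = 30 * DAY;
  const first = updateRecord(null, 'key-A', ttl, 0);
  const confirmed = updateRecord(first, 'key-A', ttl, 3 * DAY);   // same key again
  const changed = updateRecord(confirmed, 'key-B', ttl, 4 * DAY); // key differs
  return [first, confirmed, changed];
}

for (const r of demo()) {
  console.log(r.key, 'first seen at', r.firstSeen, 'cached until', r.expires);
}
```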