Encrypting DNS end-to-end

https://meson.in/2EUQnPb


Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. Traditionally, the connection between a resolver and an authoritative name server is unencrypted, i.e., over UDP.

In this pilot, we tested how an encrypted connection using TLS impacts the end-to-end latency between 1.1.1.1 and Facebook’s authoritative name servers. Even though the initial connection adds some latency, the overhead is amortized over many queries. The resulting DNS latency between 1.1.1.1 and Facebook’s authoritative name servers is on par with that of average UDP connections.

To learn more about how the pilot went, and to see more detailed results, check out the complete breakdown over on Code, Facebook’s Engineering blog.

via The Cloudflare Blog https://meson.in/2DaAAwa

December 22, 2018 at 01:02AM
