Hello. I want to tell you about DNS over HTTP. Some people ignore this topic. I want to promote it for mass DNS resolution.
Let us take an example:
We are not limited to the dns.google.com IP addresses. Google allows the DNS service to be proxied via google.*, google.co.*, images.google.com, translate.google.com, etc. You can "scan" Google subnets and find that thousands of IP addresses can proxy DNS.
There are holes in these subnets (for example 173.194.50.0/24), because the dns.google.com certificate is not compatible with some Google services.
Now let me introduce Cloudflare. Their subnets are the best gift ever. It looks like the certificate for cloudflare-dns.com is compatible with at least 500 thousand IP addresses.
It is possible to accumulate several million endpoints and put a good load on Google and Cloudflare.
Disadvantages:
Google and Cloudflare could ban client IP addresses if they put a huge load on their network.
DNS over HTTP is provided by these companies only.
PS: Do not forget that we can process multiple DNS queries over a single TCP connection before the connection breaks. "keep-alive" or HTTP/2 will improve this.
Thank you.
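The PS about pushing many queries through one TCP connection, as an added example that is not the author's code: a minimal RFC 8484 DNS-over-HTTPS client in Python that encodes queries in DNS wire format, POSTs them over a single persistent HTTPS connection (HTTP/1.1 keep-alive) and decodes A records. The `dns.google` hostname and `/dns-query` path are assumptions; it connects by hostname rather than by a scanned IP, so normal certificate validation stays in place.

```python
import http.client
import ssl
import struct

def build_query(name, qtype=1):
    """Encode a DNS query in RFC 1035 wire format; ID 0 keeps DoH responses cacheable (RFC 8484)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD=1; one question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def _skip_name(msg, off):
    while True:  # return the offset just past a name, honouring RFC 1035 compression
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a 2-byte pointer ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                # skip the question section
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):                # walk the answer section
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs

def resolve_many(names, host="dns.google", path="/dns-query"):
    """Resolve names over ONE persistent TLS connection (HTTP/1.1 keep-alive).
    host/path are assumptions, not from the post; connecting by hostname keeps certificate validation intact."""
    conn = http.client.HTTPSConnection(host, context=ssl.create_default_context(), timeout=10)
    headers = {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}
    results = {}
    try:
        for name in names:
            conn.request("POST", path, body=build_query(name), headers=headers)
            resp = conn.getresponse()
            body = resp.read()  # reading the whole body is what keeps the connection reusable
            results[name] = parse_a_records(body) if resp.status == 200 else (None, [])
    finally:
        conn.close()
    return results
```

Keep the query rate modest: as the post itself notes, Google and Cloudflare ban clients that put a huge load on their network.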