[yyin]

Back in 2008 after the cache poisoning hype, I developed my own method of resolving names without using caches (it is very fast); I use only authoritative servers. I still use this method daily.

"... but we can set the tc "Truncation" bit to force an upgrade to the protocol with more bandwidth."

dnsq does not do TCP queries. Sorry.

I also developed a few systems for resolving all the names I needed in advance so I did not need to use DNS at all, except when periodically updating the list of IP addresses. I am glad I did that work. (But nowadays there are resources like scans.io)

When someone publishes a vulnerability in dnsq from djbdns (it does not send recursive requests), I'll have to dream up another solution to the problem of "DNS". I doubt that's going to happen, but I could be wrong.

There are too many other easier targets.

[duskwuff]

1. Hitting authoritative servers for every DNS query and refusing to cache results will make the operators of those servers hate you. You will probably find that some sites (or even potentially entire TLDs!) will end up blocking your requests entirely after a while, as this is an incredibly "unfriendly" behavior.

2. Supporting TCP queries is not optional. Some DNS servers will refuse to answer certain types of queries over UDP. In particular, ANY queries are often TCP-only, as they are a potential vector for DNS amplification attacks.

[yyin]

1. The truth is, I make far fewer queries than the average web user. Because I have the IP addresses I need stored permanently. And I only update those files periodically. Today's websites and graphical web browsers (that I do not use) perform astounding quantities of uneccessary _daily_ or _hourly_ DNS requests that I never make. Maybe you think I am resolving every registered name in existence? If that were true, then yes, I think that is unreasonable. But the fact is I am only resolving the names I need, which, in the context of the total number of names registered, is very, very few. however scans.io and other scanning projects do not seem to be labeled as "unfriendly" nor the target of "hate"; perhaps your views are not based on actual exerience?

2. This is a personal solution. I am not writing software for anyone else. I do not have to use TCP for DNS queries and I have never found an authoritative server that refused to accept a UDP query. dnsq does not do TCP queries; I guess you could complain to the author he's violating some rule? If I am not mistaken, amplification problems happen because of ideas like open resolvers and enormous UDP packets, like those required for EDNS0 and DNSSEC. I am not a user of either of those ideas.

[chei0aiV]

I would encourage you to publish your solution and get it included in various software distributions.