[Dnssec-trigger] patch to fix the dnssec-trigger fallback issue
wouter at nlnetlabs.nl
Wed Aug 13 14:57:22 UTC 2014
On 08/13/2014 04:31 PM, Pavel Simerda wrote:
> just found where the problem with not using the fallback
> configuration was. All the details are in the Fedora bugzilla
> ticket. I didn't do any more extensive research but it
> basically seems that after planning the direct probe we need to
> also plan the tcpdns probe *before* the direct probe finishes and
> prevents the tcpdns one from being planned.
You seem to want dnssec-trigger to probe in a different sequence of
At the design time the direct method was thought to be a better method
than using a public-recursor fallback. The traffic on authority
servers was not considered a problem.
The bugzilla ticket is solving something which is not a bug but a
feature. Designed in, as the order of the probes performed.
The aim for the initial design was also to reduce load on that public
resolver (hosted by us in the generic package).
The direct (direct to authority servers) method works very often. And
when it does it is very likely to produce DNSSEC support.
Your patch also seems to have a race condition, I think, since you
spawn both the direct and the dnstcp probes at the same time.
>  https://bugzilla.redhat.com/show_bug.cgi?id=1109292