[nsd-users] NSD TCP performance

Jaap Akkerhuis jaap at NLnetLabs.nl
Fri Nov 9 18:46:58 UTC 2007

    On Fri, Nov 09, 2007 at 12:06:20PM -0500, nsd at dclg.ca wrote:
    > I'd like to have a look at this patch.  Maybe the patch can be worked
    > ina more acceptable manner.  My client is very concerned about TCP
    > performance because of DNSSEC being on the horizon.
    Of course, TCP isn't maybe the only way DNSSEC will get responses,

The preferred way is to use EDNS0. If I remember correctly, it is a
requirement for DNSSEC (rfc 3226).

    but it's a concern for sure.  It also seems that this TCP issue
    is a DoS waiting to happen, since it imposes rather more overhead,

Yes, in general TCP connections take up more resources. That's 
one of the motivations for ENDS0.


More information about the nsd-users mailing list