TCP fallback on timeout

Paul Vixie paul at
Fri Apr 28 23:45:01 UTC 2017

David Conrad wrote:
> On Apr 27, 2017, 4:28 PM -0700, Paul Vixie via Unbound-users
> <unbound-users at>, wrote:
>> so in effect, TCP is not required, and will never be required. the
>> installed base and its long tail matter more than the wording of 1035. 
>, proposed standard updates 1035 and
> 1123: 
> "   This document therefore updates the core DNS protocol specifications
>      such that support for TCP is henceforth a REQUIRED part of a full DNS
>      protocol implementation."
> Yes, I know about the "installed base" argument and usually agree with
> it. However, Internet standards evolve and, when it makes sense, the
> Internet follows suit. In this case, I think the benefits of TCP support
> given DNSSEC, privacy, spoof protection, etc., will be sufficient to
> move the needle over time.

i'll go further: i think that's a good clarification of and alteration
to the standards. i just don't think it's wise to expect a tcp-only
initiator, or a tcp-only responder, to function reliably. (ever.) so the
standard is nominal, and should guide other standards, but in this case
may give unusable guidance to implementers and operators.

P Vixie

More information about the Unbound-users mailing list