TCP fallback on timeout
paul at redbarn.org
Fri Apr 28 23:45:01 UTC 2017
David Conrad wrote:
> On Apr 27, 2017, 4:28 PM -0700, Paul Vixie via Unbound-users
> <unbound-users at unbound.net>, wrote:
>> so in effect, TCP is not required, and will never be required. the
>> installed base and its long tail matter more than the wording of 1035.
> https://tools.ietf.org/html/rfc7766, proposed standard updates 1035 and
> " This document therefore updates the core DNS protocol specifications
> such that support for TCP is henceforth a REQUIRED part of a full DNS
> protocol implementation."
> Yes, I know about the "installed base" argument and usually agree with
> it. However, Internet standards evolve and, when it makes sense, the
> Internet follows suit. In this case, I think the benefits of TCP support
> given DNSSEC, privacy, spoof protection, etc., will be sufficient to
> move the needle over time.
i'll go further: i think that's a good clarification of and alteration
to the standards. i just don't think it's wise to expect a tcp-only
initiator, or a tcp-only responder, to function reliably. (ever.) so the
standard is nominal, and should guide other standards, but in this case
may give unusable guidance to implementers and operators.