On 08. 07. 25 17:01, Ben Schwartz wrote:
> I think it could be interesting to have an informational draft that:
> 1. Documents "always send empty UDP responses with TC=1" as an allowed
> DNS server behavior.
> 2. Documents "start with TCP" as an allowed DNS client behavior.
> 3. Enumerates all the RFCs and hacks that can be skipped if you do
> this. (Maybe try deleting all that logic from BIND and report the code
> size savings?)
> I don't think this is likely to lead to a big shift away from UDP, but
> if it makes simple implementations easier that's probably a good thing.
Personally I don't see a need for yet another document. TC=1 is a standard
thing, so I don't see the value. You can do that (and deal with breakage)
even without a document.
Moreover, the assumption in the document pointed out by Wes upthread
> stub->resolver and resolver->authoritative as being the same and
> subject to the same suggestion of "just assume TCP exists"
... is simply wrong. These are very different landscapes with different
deployment characteristics, resources available, attack surface, and
thus connection management needs.
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
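As an added illustration of the two behaviors Ben lists (server: answer every UDP query with an empty TC=1 response; client: treat TC=1 as the signal to repeat the query over TCP with the 2-byte length prefix), here is a small, self-contained Python sketch. It is example code written for this page, not code from BIND, from either poster, or from any draft; the function names, the constructed query for example.com, and the transaction ID 0x1234 are assumptions made for the demonstration. It also does the check a client has to keep even in the "just use TC=1" world: a reply whose ID does not match the outstanding query is dropped rather than acted on.

```python
import struct
from typing import Tuple

# DNS header flag bits (RFC 1035, section 4.1.1)
QR = 0x8000  # response
TC = 0x0200  # truncated
RD = 0x0100  # recursion desired


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: one question, RD set, no EDNS (assumed test input)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    name = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME + QTYPE + QCLASS)."""
    i = 12
    while True:
        length = msg[i]
        if length == 0:
            i += 1
            break
        if length & 0xC0:  # compression pointer; not expected in a query
            i += 2
            break
        i += 1 + length
    return i + 4


def truncated_udp_response(query: bytes) -> bytes:
    """Server side of 'always send empty UDP responses with TC=1'.

    Copies the transaction ID and the question section, sets QR and TC,
    echoes RD, and carries zero answer/authority/additional records.
    """
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    new_flags = QR | TC | (flags & RD)
    return struct.pack("!HHHHHH", txid, new_flags, 1, 0, 0, 0) + query[12:question_end(query)]


def is_truncated(response: bytes) -> bool:
    """True when the message is a response with the TC bit set."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & QR) and bool(flags & TC)


def tcp_frame(query: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, section 4.2.2)."""
    return struct.pack("!H", len(query)) + query


def next_step(query: bytes, udp_response: bytes) -> Tuple[str, bytes]:
    """Client side: decide what to do with the UDP reply to `query`.

    Returns ("drop", b"")            if the reply ID does not match (unsolicited/spoofed),
            ("retry_tcp", framed)    if TC=1, with the same query framed for TCP,
            ("use", udp_response)    otherwise.
    """
    if udp_response[:2] != query[:2]:
        return ("drop", b"")
    if is_truncated(udp_response):
        return ("retry_tcp", tcp_frame(query))
    return ("use", udp_response)


if __name__ == "__main__":
    q = build_query("example.com")
    r = truncated_udp_response(q)  # what the "always TC=1" server sends back over UDP
    action, payload = next_step(q, r)
    print(action, len(payload), "bytes to send over TCP")
```

Note that the server function reuses the question bytes verbatim rather than re-encoding them, so the client's usual question-section comparison still holds; and nothing here touches EDNS, retransmission timers or connection reuse, which is exactly the stub/resolver/authoritative difference Petr raises above.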