[dns-operations] The possible problems after May 5th
Olaf Kolkman
olaf at NLnetLabs.nl
Fri Apr 9 05:52:14 UTC 2010
On Apr 8, 2010, at 11:21 PM, Matthew Dempsky wrote:
> On Thu, Apr 8, 2010 at 6:35 AM, bert hubert <bert.hubert at netherlabs.nl> wrote:
>> Try it. Block UDP for your resolver and see how far you get.
>
> For fun, I patched dnscache to only send queries over TCP and then
> tried resolving a bunch of popular domain names with it. I tested the
> first 60 entries in Alexa's top domains and was unable to resolve the
> following names:
[...]
Fair enough, but are the answers to any of those queries of such size that fall-back to TCP is needed? (Open question, I have not tested that)
In this general case, where authoritative servers block TCP, there is really an alignment of incentive: if these DNS farms want to provide a good service, they keep the answers small, they provide TCP, or they have some explaining to do to the lives, baidus, msns, microsofts and apples in this world.
In other words, I do not see why an example of TCP fallback not working in production configuration is relevant when in that production configuration UDP works fine, all the time?
--Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
Science Park 140,
http://www.nlnetlabs.nl/ 1098 XG Amsterdam