[dns-operations] The possible problems after May 5th

Olaf Kolkman olaf at NLnetLabs.nl
Fri Apr 9 05:52:14 UTC 2010

On Apr 8, 2010, at 11:21 PM, Matthew Dempsky wrote:

> On Thu, Apr 8, 2010 at 6:35 AM, bert hubert <bert.hubert at netherlabs.nl> wrote:
>> Try it. Block UDP for your resolver and see how far you get.
> For fun, I patched dnscache to only send queries over TCP and then
> tried resolving a bunch of popular domain names with it.  I tested the
> first 60 entries in Alexa's top domains and was unable to resolve the
> following names:


Fair enough, but are the answers to any of those queries of such size that fall-back to TCP is needed? (Open question, I have not tested that)

In this general case, where authoritative servers block TCP, there is really an alignment of incentive: if these DNS farms want to provide a good service, they keep the answers small, they provide TCP, or they have some explaining to do to the lives, baidus, msns, microsofts and apples in this world.

In other words, I do not see why an example of TCP fallback not working in production configuration is relevant when in that production configuration UDP works fine, all the time?



Olaf M. Kolkman                        NLnet Labs
                                       Science Park 140, 
http://www.nlnetlabs.nl/               1098 XG Amsterdam
