[dns-operations] Geoff Huston on DNS-over-TCP-only study.
gih at apnic.net
Wed Aug 21 23:36:39 UTC 2013
On 22/08/2013, at 12:36 AM, Jon Lewis <jlewis at lewis.org> wrote:
> On Wed, 21 Aug 2013, Dobbins, Roland wrote:
> I didn't even get far enough to get to the parts Vixie seems to object to. It was too painful to read. It's in desperate need of proof-reading and copy editing. Was this translated (poorly) from some other language to English?
My apologies - English is spoken and written in so many styles and I know that my written style can be considered as turgid, particularly when I was not intending to write for a highly expert specialist technical audience such as are on this mailing list.
So here is what I would say to this audience:
- How many resolvers and their clients will resolve a DNS name to an address if they are forced to use TCP?
- Our experiment used a modified DNS server that truncated all UDP at 512 bytes, and over 10 days we enlisted some 2 million end clients to perform a set of tests by using online ads. The ad used a very wide geographic and network variety, so there is good grounds to see this set as a reasonable representative sample of the internet's end user population.
- The authoritative nameserver saw 80,000 visible resolvers. 17% of them (13,400) did not switch to TCP and re-query upon receipt of truncated TCP. 0.4% of them appear to have some inbound TCP-blocking firewall/filter. The rest simply did not respond in TCP.
- These 13,400 resolvers were used by 6% of the end clients.
- 2/3 of these affected end clients switched to use an alternative resolver that was able to pose the query using UDP.
- the rest (2%, or 50,000 end clients) were unable to complete the DNS query at all.
- we retested, using a slightly different DNS nameserver configuration with a smaller UDP truncation threshold, over a further 700,000 end clients and saw a similar outcome.
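The behaviour the experiment measured, as an added example that is not Geoff's or the study's own code: a server that truncates any UDP response over 512 bytes by dropping the answers and setting the TC bit, beside the resolver-side decision to re-query over TCP, run on constructed packets with no network access (all function names and sample addresses here are assumptions).

```python
import struct

# Added illustration, not the study's own code. Constructed packets only, no network I/O.
TC_BIT = 0x0200   # TC flag in the DNS header flags word (RFC 1035 section 4.1.1)
UDP_LIMIT = 512   # UDP payload ceiling enforced by the study's modified server

def build_response(qname, ips, txid=0x1234):
    """Construct a DNS A response: header, one question, one A record per address."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question = labels + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    rrs = b""
    for ip in ips:  # 0xC00C: compression pointer back to the qname at offset 12
        rdata = bytes(int(o) for o in ip.split("."))
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + rrs

def question_end(msg):
    pos = 12  # skip the 12-byte header; walk the single, uncompressed qname
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 1 + 4  # root label plus QTYPE/QCLASS

def udp_reply(full_msg, limit=UDP_LIMIT):
    """Server side: a response over the limit leaves with no answers and TC set."""
    if len(full_msg) <= limit:
        return full_msg
    txid, flags = struct.unpack("!HH", full_msg[:4])
    header = struct.pack("!HHHHHH", txid, flags | TC_BIT, 1, 0, 0, 0)
    return header + full_msg[12:question_end(full_msg)]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)
def parse_a_records(msg):
    """Walk the answer section and collect the A record addresses."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    pos, ips = question_end(msg), []
    for _ in range(ancount):
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos + 2:pos + 12])  # after pointer
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[pos + 12:pos + 16]))
        pos += 12 + rdlen
    return ips

def resolve(full_msg, retries_over_tcp):
    """Client side: ask over UDP; a compliant resolver re-asks over TCP when TC is set."""
    reply = udp_reply(full_msg)
    if is_truncated(reply) and not retries_over_tcp:
        return []  # no TCP fallback: the name never resolves, as for the study's 13,400
    return parse_a_records(full_msg if is_truncated(reply) else reply)
```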