[dns-operations] Geoff Huston on DNS-over-TCP-only study.

Geoff Huston gih at apnic.net
Wed Aug 21 23:38:27 UTC 2013


On 22/08/2013, at 9:36 AM, Geoff Huston <gih at apnic.net> wrote:

> 
> On 22/08/2013, at 12:36 AM, Jon Lewis <jlewis at lewis.org> wrote:
> 
>> On Wed, 21 Aug 2013, Dobbins, Roland wrote:
>> 
>>> 
>>> <http://www.circleid.com/posts/20130820_a_question_of_dns_protocols/>
>> 
>> I didn't even get far enough to get to the parts Vixie seems to object to. It was too painful to read.  It's in desperate need of proof-reading and copy editing.  Was this translated (poorly) from some other language to English?
>> 
> 
> My apologies - English is spoken and written in so many styles and I know that my written style can be considered as turgid, particularly when I was not intending to write for a highly expert specialist technical audience such as are on this mailing list.
> 
> So here is what I would say to this audience:
> 
> - How many resolvers and their clients will resolve a DNS name to an address if they are forced to use TCP?
> 
> - Our experiment used a modified DNS server that truncated all UDP at 512 bytes, and over 10 days we enlisted some 2 million end clients to perform a set of tests by using online ads. The ad used a very wide geographic and network variety, so there are good grounds to see this set as a reasonable representative sample of the internet's end user population.
> 
> - The authoritative nameserver saw 80,000 visible resolvers. 17% of them (13,400) did not switch to TCP and re-query upon receipt of truncated TCP. 0.4% of them appear to have some inbound TCP-blocking firewall/filter. The rest simply did not respond in TCP.
> 
> - These 13,400 resolvers were used by 6% of the end clients.
> 
> - 2/3 of these affected end clients switched to use an alternative resolver that was able to pose the query using UDP.

sigh

"pose the query using UDP and fall back to TCP upon receipt of the truncated UDP response"


> 
> - the rest (2%, or 50,000 end clients) were unable to complete the DNS query at all.
> 
> - we retested, using a slightly different DNS nameserver configuration with a smaller UDP truncation threshold, over a further 700,000 end clients and saw a similar outcome.
> 
> regards,
> 
> Geoff
> 
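
The resolver behaviour the study measures (query over UDP, see the TC bit, re-query over TCP), as an added example that is not part of the original post or the experiment's code. The two server functions are constructed stand-ins that mark every UDP reply truncated instead of applying a 512-byte cutoff; all names and the 192.0.2.1 answer are assumptions.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the 16-bit DNS header flags field

def build_query(name, txid=0x1234):
    """Encode a minimal DNS query: RD set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def is_truncated(msg):
    """True when the response header carries TC=1."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(data):
    """Strip the 2-byte length prefix and check the payload is complete."""
    (length,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < length:
        raise ValueError("short TCP read")
    return data[2:2 + length]

def truncating_udp_server(query):
    """Constructed stand-in: echo the question with QR, AA and TC set, no answer."""
    flags = 0x8000 | 0x0400 | TC_FLAG
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

def tcp_server(framed):
    """Constructed stand-in: full answer over TCP (A record, documentation address)."""
    query = tcp_unframe(framed)
    header = query[:2] + struct.pack("!HHHHH", 0x8400, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return tcp_frame(header + query[12:] + answer)

def resolve(query, udp_exchange, tcp_exchange, tcp_capable=True):
    """Try UDP first; on TC=1 retry over TCP, or fail if the resolver cannot."""
    reply = udp_exchange(query)
    if not is_truncated(reply):
        return reply, "udp"
    if not tcp_capable:  # models a resolver that never re-queries over TCP
        return None, "failed"
    return tcp_unframe(tcp_exchange(tcp_frame(query))), "tcp"
```
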



