[dns-operations] Always replying to UDP requests with TC=1, good practice or not

Paul Vixie paul at redbarn.org
Mon Oct 19 07:06:30 UTC 2015


On Monday, October 19, 2015 08:28:28 Ralf Weber wrote:
> Moin!

Blargh!

> ...
> In general answering TC=1 for every query seems like a bad idea as it
> triples the RTT for every query, as others said.

no one has argued in favour of that. no one i know has done it in production. 
and the patent i'm thinking of doesn't work that way. so, let's discuss what's 
actually being done:

process_udp(src_ip, src_port, dns_payload) {
	// sources with no recent TCP session only get a truncated reply
	if (!has_done_tcp_recently(src_ip)) {
		send_tc_1(src_ip, src_port, dns_payload);
		return;
	}
	// answer normally
}

the function has_done_tcp_recently() can be a time-series bloom filter, thus 
approximate for non-negative answers, an acceptable loss of performance since 
it means that on positive collision ("maybe"), an extra TCP session is 
incurred.

it's still a bad idea, even though most UDP queries are answered without TC=1.

-- 
Paul
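
A sketch of the has_done_tcp_recently() lookup described in the message, as an added example that is not code from the post or from any DNS server. It assumes IPv4 sources passed as uint32_t, two rotating bloom-filter generations, and hypothetical names and sizes (tsbf_*, TSBF_BITS, TSBF_HASHES, TSBF_WINDOW); the caller supplies the clock in seconds.

```c
#include <stdint.h>
#include <string.h>

#define TSBF_BITS   (1u << 16)  /* bits per generation (assumed) */
#define TSBF_HASHES 4           /* probes per address (assumed) */
#define TSBF_WINDOW 60          /* seconds per generation (assumed) */

struct tsbf {
	uint8_t gen[2][TSBF_BITS / 8]; /* gen[cur] is filling, gen[!cur] is the previous window */
	int cur;
	int64_t epoch;                 /* start of the current window, in seconds */
};

/* Bit index for probe i of an IPv4 source (murmur3 finalizer as the mixer). */
static uint32_t tsbf_bit(uint32_t ip, uint32_t i) {
	uint32_t h = ip ^ (i * 0x9e3779b9u);
	h ^= h >> 16; h *= 0x85ebca6bu; h ^= h >> 13; h *= 0xc2b2ae35u;
	return (h ^ (h >> 16)) % TSBF_BITS;
}

/* Expire old data: one elapsed window recycles the older generation,
 * two or more elapsed windows clear both. */
static void tsbf_rotate(struct tsbf *f, int64_t now) {
	int64_t age = now - f->epoch;
	if (age < TSBF_WINDOW) return;
	f->cur = !f->cur;
	memset(f->gen[f->cur], 0, sizeof f->gen[f->cur]);
	if (age >= 2 * TSBF_WINDOW)
		memset(f->gen[!f->cur], 0, sizeof f->gen[0]);
	f->epoch = now - age % TSBF_WINDOW;
}

/* Call when a query from ip has been served over TCP. */
void tsbf_note_tcp(struct tsbf *f, uint32_t ip, int64_t now) {
	tsbf_rotate(f, now);
	for (uint32_t i = 0; i < TSBF_HASHES; i++)
		f->gen[f->cur][tsbf_bit(ip, i) / 8] |= (uint8_t)(1u << (tsbf_bit(ip, i) % 8));
}

/* 1 = "maybe" (every probe bit set in one generation), 0 = definitely not. */
int has_done_tcp_recently(struct tsbf *f, uint32_t ip, int64_t now) {
	tsbf_rotate(f, now);
	for (int g = 0; g < 2; g++) {
		uint32_t hits = 0;
		for (uint32_t i = 0; i < TSBF_HASHES; i++)
			hits += (f->gen[g][tsbf_bit(ip, i) / 8] >> (tsbf_bit(ip, i) % 8)) & 1;
		if (hits == TSBF_HASHES) return 1;
	}
	return 0;
}
```

A source noted at time t stays in the filter for between one and two windows, and memory is fixed at 2 * TSBF_BITS / 8 bytes regardless of how many sources are seen.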