[dns-operations] TC=1 and stub resolvers, firefox appears to not do it

bert hubert bert.hubert at netherlabs.nl
Wed Sep 2 13:45:23 UTC 2015


On Wed, Aug 26, 2015 at 02:48:12PM +0200, bert hubert wrote:
> Last time I checked they all supported this. But do recall the "stub
> resolver" often is proxied via a high quality piece of routing equipment at
> home these days...

Ok, so it may turn out I am wrong. We just got this report from a user that
for reasons on their own is replying TC=1 to *everything* over UDP:

http://mailman.powerdns.com/pipermail/dnsdist/2015-September/000020.html

"Yes! It works. When we try with the Chrome Browser it responds with  
the TC-bit set and then it automatically retries TCP(looks great) .  
However, when we try with Firefox Browser, it only returns the  
response and not try with TCP.

This is our related configurations;

glibc vesion : 2.13-1
Kernel version : 3.2.0-68-generic
Firefox version: 40.0.3
Chrome version: 43.0.2357.65"

Anyone from Mozilla present? And, do we care? It might have implications for
doing DNSSEC things from the Firefox browser.

	Bert




More information about the dns-operations mailing list