[dns-operations] Resolver preference: Long TCP sessions vs repeated handshakes?

Florian Weimer fw at deneb.enyo.de
Mon Sep 26 20:41:43 UTC 2016


* Ray Bellis:

> On 23/09/2016 13:47, Florian Weimer wrote:
>> RFC 5966 section 5 suggests that concurrent TCP connections to resolvers
>> should be avoided.
>
> No, it says that they MUST be _minimized_.  That's altogether
> different.

I'm not sure I understand the difference.

> That said, RFC 5966 has been replaced by 7766, which now says (§6.2.2):
>
>    To mitigate the risk of unintentional server overload, DNS clients
>    MUST take care to minimize the number of concurrent TCP connections
>    made to any individual server.  It is RECOMMENDED that for any given
>    client/server interaction there SHOULD be no more than one connection
>    for regular queries, one for zone transfers, and one for each
>    protocol that is being used on top of TCP (for example, if the
>    resolver was using TLS).

This is not very illuminating, either.

What does RFC 7766 mean by “client”?  A whole host, or an individual
process (or even thread in a process) running on a host?



