[dns-operations] DNS-over-TLS in public resolvers

Phillip Hallam-Baker phill at hallambaker.com
Mon Mar 6 20:01:30 UTC 2017


On Mon, Mar 6, 2017 at 1:41 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
wrote:

> On Mon, Mar 06, 2017 at 10:31:10AM -0500,
>  Phillip Hallam-Baker <phill at hallambaker.com> wrote
>  a message of 207 lines which said:
>
> > a DNS over UDP resolver is entirely stateless
>
> You cannot be serious here? How do you handle the fact that the
> authoritative name servers do not reply instantly?
>

The request is one UDP packet. It is received, and if it can be answered from
cached data, a response is given. Otherwise a request is made to the second
tier and that request is on hold until tier 2 responds.

That is the only point at which state is required in any part of the front
tier, and it is only maintained for the pendency of the tier 2 request.

If the system is using TCP then the entire tier 1 network architecture
needs to guarantee that the host that processes the first packet in a
request will process all the remaining packets. That is quite obviously a
major amount of state.
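The stateless-vs-stateful distinction above, shown as an added example that is not part of this thread or anyone's resolver code. It models a front-tier resolver for A records only: a UDP datagram is answered from cache with no state at all, or parked in a pending table keyed by the upstream transaction ID until the simulated tier 2 answers; the TCP side shows the per-connection reassembly buffer (RFC 1035 two-byte length framing) that forces every segment of a connection onto the host that holds it. Tier 2 is a dict, and the names and addresses are constructed from documentation ranges.

```python
import struct

# --- minimal DNS wire helpers (RFC 1035 header + question; A-record answers only) ---

def encode_name(name):
    """Encode 'www.example.com.' as length-prefixed labels plus the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name, qtype=1):
    """Standard query: flags 0x0100 (RD set), one question, no other sections."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))

def parse_query(msg):
    """Return (txid, qname, qtype, raw question section) from a query message."""
    txid = struct.unpack("!H", msg[:2])[0]
    off, labels = 12, []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    off += 1                                  # skip the root label
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    return txid, ".".join(labels) + ".", qtype, msg[12:off + 4]

def build_response(txid, question, ipv4):
    """Response with flags 0x8180 (QR, RD, RA) and one A record for the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the name at offset 12 (the question)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(int(o) for o in ipv4.split("."))
    return header + question + rr

# --- UDP front tier: state exists only while a tier-2 lookup is outstanding ---

class UdpFrontTier:
    def __init__(self, cache=None):
        self.cache = dict(cache or {})    # qname -> ipv4
        self.pending = {}                 # upstream txid -> (client, client txid, question)
        self.upstream_out = []            # (upstream txid, qname) datagrams sent to tier 2
        self._next_upstream = 0x1000

    def handle_datagram(self, client, msg):
        """One datagram in; a response out on cache hit, or None after forwarding."""
        txid, name, _qtype, question = parse_query(msg)
        if name in self.cache:
            return build_response(txid, question, self.cache[name])   # no state touched
        upstream_txid = self._next_upstream
        self._next_upstream += 1
        self.pending[upstream_txid] = (client, txid, question)       # held only until tier 2 replies
        self.upstream_out.append((upstream_txid, name))
        return None

    def handle_tier2_response(self, upstream_txid, name, ipv4):
        """Tier 2 answered: release the pending entry and build the client's response."""
        client, txid, question = self.pending.pop(upstream_txid)
        self.cache[name] = ipv4
        return client, build_response(txid, question, ipv4)

# --- TCP: a per-connection buffer that must live on one host for the connection's lifetime ---

def tcp_frame(msg):
    return struct.pack("!H", len(msg)) + msg

class TcpStream:
    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        """Append a segment and return every complete message; a partial message stays buffered."""
        self.buf += segment
        msgs = []
        while len(self.buf) >= 2:
            n = struct.unpack("!H", self.buf[:2])[0]
            if len(self.buf) < 2 + n:
                break                     # need the next segment, which must reach this same host
            msgs.append(self.buf[2:2 + n])
            self.buf = self.buf[2 + n:]
        return msgs

if __name__ == "__main__":
    tier2 = {"www.example.com.": "203.0.113.10"}          # constructed tier-2 data
    front, client = UdpFrontTier(), ("198.51.100.7", 5353)
    q = build_query(0x1234, "www.example.com.")
    print("cache miss, forwarded:", front.handle_datagram(client, q) is None, "pending:", len(front.pending))
    up_txid, name = front.upstream_out[0]
    _, resp = front.handle_tier2_response(up_txid, name, tier2[name])
    print("answered, pending now:", len(front.pending), "rdata:", list(resp[-4:]))
    s, framed = TcpStream(), tcp_frame(q)
    print("TCP segment 1 complete messages:", s.feed(framed[:10]), "segment 2:", len(s.feed(framed[10:])))
```

A second query for the same name is answered straight from the cache without touching the pending table, which is the "entirely stateless" path of the message above; the TCP example is where a load balancer spraying segments across hosts breaks, because a host that sees only the second segment has no length prefix to frame it with.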