[dns-operations] TCP Re: FlagDay 2020 UDP Size (ofda.gov breakage)
Fred Morris
m3047 at m3047.net
Sat Aug 8 05:07:04 UTC 2020
TLDR: Although DNS servers are supposed to support TCP, it is almost never
utilized in practice unless a UDP response is first received with TC=1,
and fragmentation exacerbates this.
I've discovered this myself during this recent period of intensive
interaction with SOHO networks. Apparently it's always been like this. I
was surprised to find it true, even reading venerable source code to
validate.
On Sat, 8 Aug 2020, Viktor Dukhovni wrote:
> [...] So, while TCP actually works if used directly, there is
> no TCP fallback since no UDP packets are returned with TC=1. :-(
Basically the resolver protocol is unchanged since the 1980s. I think some
further thinking should be done!
--
Fred Morris
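The retry behaviour described in the TLDR above, as an added illustration that is not part of the thread or any resolver's real code: a classic stub-resolver loop queries over UDP and opens a TCP connection only when the UDP reply carries TC=1. The fake authority, the advertised EDNS buffer sizes, the 1472-byte unfragmented-payload constant and the "path drops fragments" switch are constructed assumptions used to show why a fragmented reply that never arrives produces a timeout rather than a TCP retry, even though the server would answer over TCP.

```python
"""Added example: why a stub resolver only uses TCP after seeing TC=1.

Constructed simulation, not code from the thread. The resolver logic below
follows the classic flow: send over UDP; retry over TCP only if the UDP reply
has TC=1. The fake server/path parameters (advertised buffer, fragment
dropping) are assumptions used to illustrate the failure modes.
"""
import struct

QR_FLAG = 0x8000  # response
TC_FLAG = 0x0200  # truncated
RD_FLAG = 0x0100  # recursion desired
RA_FLAG = 0x0080  # recursion available

# Assumed: roughly the largest UDP payload that fits one Ethernet frame
# without IP fragmentation (1500 - 20 IPv4 - 8 UDP).
UNFRAGMENTED_PAYLOAD = 1472


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header plus one question (IN class)."""
    header = struct.pack("!HHHHHH", txid, RD_FLAG, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                      for lbl in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the header fields a resolver needs to decide on retry."""
    txid, flags, _qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR_FLAG), "tc": bool(flags & TC_FLAG),
            "rcode": flags & 0x000F, "ancount": ancount}


def make_response(query, ancount, truncated=False):
    """Constructed response: header plus echoed question. RR bodies are
    omitted because only the header matters for the fallback decision."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = QR_FLAG | RD_FLAG | RA_FLAG | (TC_FLAG if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]


def resolve(query, udp_send, tcp_send):
    """Classic stub-resolver path. udp_send/tcp_send take the query bytes and
    return response bytes, or None on timeout. Returns (transport, response)."""
    reply = udp_send(query)
    if reply is None:
        # Nothing came back, so nothing says "retry over TCP": the lookup
        # fails even though the server would answer fine over TCP.
        return ("udp-timeout", None)
    if parse_header(reply)["tc"]:
        return ("tcp", tcp_send(query))
    return ("udp", reply)


def simulate(answer_size, advertised_bufsize, path_drops_fragments):
    """Model one lookup against a fake authority and network path.

    answer_size: bytes the full answer would occupy on the wire (constructed)
    advertised_bufsize: EDNS UDP buffer size the client advertises
    path_drops_fragments: whether fragmented UDP datagrams are lost in transit
    """
    query = build_query("example.test.")

    def udp_send(q):
        if answer_size > advertised_bufsize:
            # Answer does not fit the advertised buffer: server sets TC=1,
            # the only signal that makes a classic resolver switch to TCP.
            return make_response(q, 0, truncated=True)
        if answer_size > UNFRAGMENTED_PAYLOAD and path_drops_fragments:
            # Answer fits the buffer, so it goes out as a fragmented
            # datagram; the fragments never arrive at the client.
            return None
        return make_response(q, ancount=answer_size // 100)

    def tcp_send(q):
        return make_response(q, ancount=answer_size // 100)

    return resolve(query, udp_send, tcp_send)


def scenarios():
    """Transport actually used in four constructed situations."""
    return {
        "small answer": simulate(600, 4096, True)[0],
        "large answer, bufsize 1232": simulate(3000, 1232, True)[0],
        "large answer, bufsize 4096, fragments dropped": simulate(3000, 4096, True)[0],
        "large answer, bufsize 4096, fragments pass": simulate(3000, 4096, False)[0],
    }


if __name__ == "__main__":
    for name, transport in scenarios().items():
        print(f"{name:48s} -> {transport}")
```

The third scenario is the one the thread is about: with a large advertised buffer the server never truncates, the fragmented datagram is lost, and the resolver sees a timeout instead of TC=1, so TCP is never tried. Lowering the advertised buffer (the 1232-byte scenario) makes the server truncate instead, which is what actually triggers the TCP retry.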