<div dir="ltr"><div><br></div><div>You write that it takes 3x RTTs to exchange a question and an answer over TCP. I think it takes 2x RTTs, simple as that. FIN plays no role in answer termination; clients don't wait on a FIN to decide that an answer is usable. You go on to write that servers following the specification don't unilaterally close the connection, but that's at odds with your description of the sequence of packets. (And even that "incorrect" sequence would not require 2x RTTs, since the server could dispatch its FIN without waiting.)</div>
<div><br></div><div>Although I think it is valid to argue that DNS TCP requires 3x RTTs if you want to count the original question over UDP + the TC=1 response. But I don't think that's what you are saying in the article. Am I interpreting it wrong?</div>
<div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Sep 13, 2013 at 12:17 PM, Paul Vixie <span dir="ltr">&lt;<a href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div bgcolor="#FFFFFF" text="#000000">fyi.<br>
<br>
<span><br>
<br>
-------- Original Message --------
<table border="0" cellpadding="0" cellspacing="0">
<tbody><tr><th align="RIGHT" nowrap valign="BASELINE">Subject: </th><td>[ratelimits]
 "on the time value of security features in dns"</td></tr><tr><th align="RIGHT" nowrap valign="BASELINE">Date: </th><td>Fri, 13 
Sep 2013 11:30:27 -0700</td></tr><tr><th align="RIGHT" nowrap valign="BASELINE">From: </th><td>Paul Vixie <a href="mailto:vixie@fsi.io" target="_blank">&lt;vixie@fsi.io&gt;</a></td></tr><tr><th align="RIGHT" nowrap valign="BASELINE">
To: </th><td><a href="mailto:ratelimits@lists.redbarn.org" target="_blank">ratelimits@lists.redbarn.org</a>
 <a href="mailto:ratelimits@lists.redbarn.org" target="_blank">&lt;ratelimits@lists.redbarn.org&gt;</a></td></tr></tbody>
</table>

<br>
<br>
<pre><a href="http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/" target="_blank">http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/</a><span class="HOEnZb"><font color="#888888">


-- 
Paul Vixie
Farsight Security
_______________________________________________
ratelimits mailing list
<a href="mailto:ratelimits@lists.redbarn.org" target="_blank">ratelimits@lists.redbarn.org</a>
<a href="http://lists.redbarn.org/mailman/listinfo/ratelimits" target="_blank">http://lists.redbarn.org/mailman/listinfo/ratelimits</a>
</font></span></pre> 
</span><br>
</div>
<br>_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
dns-jobs mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Colm
</div>