Maintained by: NLnet Labs

TCP fallback on timeout

Paul Vixie
Sat Apr 29 01:45:01 CEST 2017

David Conrad wrote:
> On Apr 27, 2017, 4:28 PM -0700, Paul Vixie via Unbound-users
> <unbound-users at unbound.net>, wrote:
> 
>> so in effect, TCP is not required, and will never be required. the
>> installed base and its long tail matter more than the wording of 1035. 
> 
> https://tools.ietf.org/html/rfc7766, proposed standard updates 1035 and
> 1123: 
> 
> "   This document therefore updates the core DNS protocol specifications
>      such that support for TCP is henceforth a REQUIRED part of a full DNS
>      protocol implementation."
> 
> Yes, I know about the "installed base" argument and usually agree with
> it. However, Internet standards evolve and, when it makes sense, the
> Internet follows suit. In this case, I think the benefits of TCP support
> given DNSSEC, privacy, spoof protection, etc., will be sufficient to
> move the needle over time.

i'll go further: i think that's a good clarification of and alteration
to the standards. i just don't think it's wise to expect a tcp-only
initiator, or a tcp-only responder, to function reliably. (ever.) so the
standard is nominal, and should guide other standards, but in this case
may give unusable guidance to implementers and operators.

-- 
P Vixie