TCP fallback on timeout

Paul Vixie paul at redbarn.org
Thu Apr 27 23:28:07 UTC 2017



Havard Eidnes via Unbound-users wrote:
>> Unfortunately, DNS servers aren't required to support TCP.
> 
> IMHO, that is an all too commonly held misconception.  Publishing name
> servers need to support TCP as well.  I'm pretty sure section 4.2 of
> RFC 1035 mandates it.  It doesn't use the formal requirements keywords
> because it predates the RFC which defined their use in this document
> series.

"mandate" and "required" would be stronger words than the context could
sustain.

in practical terms, there are and have always been and will always be
authority name servers who never set TC=1 on UDP, and which do not
support TCP, either by design or because of firewalls. these name
servers work just fine, and that "works just fine" attribute has first
mover advantage: any client that uses only TCP will get no service from
those name servers, and the client not the server will be found "at
fault" for the nonfunction, and so the client will be "fixed" rather
than the server.

so in effect, TCP is not required, and will never be required. the
installed base and its long tail matter more than the wording of 1035.

-- 
P Vixie




More information about the Unbound-users mailing list