You write that it takes 3x RTTs to exchange a question and an answer over TCP. I think it takes 2x RTTs, simple as that. FIN plays no role in answer termination; clients don't wait on a FIN to decide that an answer is usable. You go on to write that servers following the specification don't unilaterally close the connection, but that's at odds with your description of the sequence of packets. (and even that "incorrect" sequence would not require 2x RTTs, since the server could dispatch its FIN without waiting).
Although I think it is valid to argue that DNS TCP requires 3x RTTs if you want to count the original question over UDP + the TC=1 response. But I don't think that's what you are saying in the article. Am I interpreting it wrong?

On Fri, Sep 13, 2013 at 12:17 PM, Paul Vixie <[email protected]> wrote:
> fyi.
>
> -------- Original Message --------
> Subject: [ratelimits] "on the time value of security features in dns"
> Date: Fri, 13 Sep 2013 11:30:27 -0700
> From: Paul Vixie <[email protected]>
> To: [email protected]
>
> http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/
>
> --
> Paul Vixie
> Farsight Security
> _______________________________________________
> ratelimits mailing list
> [email protected]
> http://lists.redbarn.org/mailman/listinfo/ratelimits
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

--
Colm
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
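The RTT count being argued over in the message above, worked through as a timeline. This is an added example, not code from the thread or from the CircleID article; it assumes a symmetric path where each segment takes RTT/2 one way, no processing delay at either end, and a client that puts its query in the third handshake segment (TCP allows data on that ACK; the model also covers a separate query segment sent at the same instant). Names such as `tcp_exchange` and `udp_then_tcp` are this example's own.

```python
"""Timeline model of a DNS question/answer over TCP, counted in client RTTs.

Constructed model: one RTT is 1.0 time unit, every segment takes RTT/2 to
arrive, and neither side spends time thinking. The point being checked is
when the *answer* becomes usable at the client, and that the server's FIN
(sent right behind the answer, or not at all) does not move that moment.
"""
from dataclasses import dataclass

RTT = 1.0
ONE_WAY = RTT / 2  # assumption: symmetric path, no queueing


@dataclass
class Segment:
    t_sent: float
    sender: str   # "client" or "server"
    kind: str     # SYN, SYN-ACK, ACK+QUERY, ACK, QUERY, ANSWER, FIN, UDP-QUERY, UDP-TC

    @property
    def t_recv(self) -> float:
        return self.t_sent + ONE_WAY


def tcp_exchange(start: float = 0.0, query_on_third_segment: bool = True,
                 server_sends_fin: bool = True):
    """Question and answer over TCP starting at `start`.

    Returns (time the answer is usable at the client,
             time the server's FIN reaches the client or None,
             list of segments in send order).
    """
    segs = []
    syn = Segment(start, "client", "SYN")
    segs.append(syn)
    synack = Segment(syn.t_recv, "server", "SYN-ACK")
    segs.append(synack)

    t = synack.t_recv  # handshake done at the client: 1 RTT after start
    if query_on_third_segment:
        query = Segment(t, "client", "ACK+QUERY")
        segs.append(query)
    else:
        # Separate ACK and query segments leave the client back to back;
        # the query still arrives at the same instant as in the piggybacked case.
        segs.append(Segment(t, "client", "ACK"))
        query = Segment(t, "client", "QUERY")
        segs.append(query)

    answer = Segment(query.t_recv, "server", "ANSWER")
    segs.append(answer)

    fin_at_client = None
    if server_sends_fin:
        # A server that closes unilaterally can dispatch FIN right behind the
        # answer; it does not have to wait for anything from the client.
        fin = Segment(answer.t_sent, "server", "FIN")
        segs.append(fin)
        fin_at_client = fin.t_recv

    return answer.t_recv, fin_at_client, segs


def udp_then_tcp(start: float = 0.0):
    """UDP question, TC=1 reply, then the TCP retry; returns (usable time, segments)."""
    q = Segment(start, "client", "UDP-QUERY")
    tc = Segment(q.t_recv, "server", "UDP-TC")
    usable, _fin, tcp_segs = tcp_exchange(tc.t_recv)
    return usable, [q, tc] + tcp_segs


def in_rtts(t: float) -> float:
    return t / RTT


if __name__ == "__main__":
    usable, fin_seen, segs = tcp_exchange()
    for s in segs:
        print(f"{s.t_sent:4.1f} {s.sender:6s} -> {s.kind}")
    print("answer usable after", in_rtts(usable), "RTT; FIN seen after",
          in_rtts(fin_seen) if fin_seen is not None else None, "RTT")
    usable_udp, _ = udp_then_tcp()
    print("with the UDP attempt and TC=1 counted:", in_rtts(usable_udp), "RTT")
```

Running it prints the send timeline and reports 2.0 RTT for the TCP question/answer, 3.0 RTT when the UDP attempt and TC=1 reply are counted, and the same 2.0 RTT whether the server sends a FIN, sends none, or the client splits ACK and query into two segments.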
