As we have more and more DNS over TCP (large responses, response
rate limitation, even TLS for privacy) I think we should fix the
way DNS over TCP is supposed to be handled by servers.
Quoting RFC 1035 4.2.2 "TCP usage":

   - The server should assume that the client will initiate
     connection closing, and should delay closing its end of the
     connection until all outstanding client requests have been
     satisfied.

   - If the server needs to close a dormant connection to reclaim
     resources, it should wait until the connection has been idle
     for a period on the order of two minutes.  In particular, the
     server should allow the SOA and AXFR request sequence (which
     begins a refresh operation) to be made on a single connection.
     Since the server would be unable to answer queries anyway, a
     unilateral close or reset may be used instead of a graceful
     close.

A 2 min timeout simply has no chance to scale.

So I propose:
 - make clear that TCP support is mandatory.
 - allow servers to use the timeout they like, even a zero timeout
   (the last point should be discussed). Note a zero timeout doesn't
   mean "send the response and close" but "send the response, check
   there is no pending query, and close".

Now there are the non-technical questions to solve first:
 - is DNSOP chartered to do this? Point 4 says "protocol maintenance"
   and point 5 allows more if the area director agrees.

 - is 5966bis the right place? I don't think so, but another
   document means 5966bis will be delayed...

Regards

francis.dup...@fdupont.fr

PS: I'll try to raise this at the mic if there is still enough time
(as this message is sent during the DNSOP session at the 92nd IETF).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
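The connection-handling rule the message argues for (answer, then close only once no query is pending, with whatever idle timeout the operator chooses) is small enough to show in code. The following is an added illustration, not code from the post or from any DNS implementation: it models the server side of one DNS-over-TCP connection with RFC 1035 section 4.2.2 two-byte length framing, handles pipelined and split queries, and compares a 120 s idle timeout against the proposed zero timeout under a fake clock. The class and function names, the minimal query/response builders, and the injected clock are all assumptions made for the example.

```python
import struct

# Constructed helpers (hypothetical, not from the post): build a minimal DNS
# query and a matching empty response so the connection logic runs offline.
def build_query(qid, name, qtype=1, qclass=1):
    """Return a wire-format DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def build_response(query):
    """Echo the question back with QR=1, RCODE=0 and no answer records."""
    qid, flags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (flags & 0x7900)      # set QR; keep Opcode and RD; clear the rest
    return struct.pack("!HH", qid, flags) + query[4:]

def frame(msg):
    """RFC 1035 4.2.2 TCP framing: two-byte network-order length prefix."""
    return struct.pack("!H", len(msg)) + msg


class TcpDnsConnection:
    """Server side of one DNS-over-TCP connection (example model).

    Policy from the post: the server may pick its own idle timeout, even
    zero, but zero still means "send the response, check there is no
    pending query, and close", never "respond and drop the socket".
    """

    def __init__(self, idle_timeout, clock):
        self.idle_timeout = idle_timeout   # seconds of silence before closing
        self.clock = clock                 # injectable so the example can fake time
        self.buf = b""                     # bytes received but not yet consumed
        self.last_activity = clock()
        self.closed = False

    def feed(self, data):
        """Consume client bytes; return the framed responses to send back.

        Several queries may arrive in one read (pipelining, e.g. the SOA then
        AXFR sequence the RFC mentions) and a query may be split across reads;
        an incomplete tail stays in self.buf and counts as pending.
        """
        if self.closed:
            raise ConnectionError("connection already closed")
        self.buf += data
        self.last_activity = self.clock()
        out = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + n:
                break                      # partial query: keep waiting for it
            query, self.buf = self.buf[2:2 + n], self.buf[2 + n:]
            out.append(frame(build_response(query)))
        return out

    def has_pending(self):
        """True if the client has started a query we have not answered yet."""
        return len(self.buf) > 0

    def maybe_close(self):
        """Close only when nothing is pending and the idle timeout has elapsed."""
        if self.closed:
            return True
        if self.has_pending():
            return False
        if self.clock() - self.last_activity >= self.idle_timeout:
            self.closed = True
        return self.closed


def run_scenario(idle_timeout):
    """Drive one connection with two pipelined queries under a fake clock."""
    now = [0.0]
    conn = TcpDnsConnection(idle_timeout, clock=lambda: now[0])
    q1 = frame(build_query(1, "example.com"))   # constructed sample queries
    q2 = frame(build_query(2, "example.net"))
    # First read: all of q1 plus the first 5 bytes of q2.
    responses = conn.feed(q1 + q2[:5])
    result = {
        "responses_after_first_read": len(responses),
        "close_after_first_read": conn.maybe_close(),   # False: q2 is pending
    }
    responses += conn.feed(q2[5:])                      # rest of q2 arrives
    result["response_ids"] = [struct.unpack("!H", r[2:4])[0] for r in responses]
    result["close_immediately"] = conn.maybe_close()    # True only with a zero timeout
    now[0] += 130.0                                     # simulate 130 s of silence
    result["close_after_130s"] = conn.maybe_close()
    return result


if __name__ == "__main__":
    for timeout in (0.0, 120.0):
        print(f"idle_timeout={timeout}: {run_scenario(timeout)}")
```

The point of the split second query is the check the post insists on: with a zero timeout the connection is still held open after the first response because the client has already begun its next query, and it is only closed once that query has been answered. With the RFC's two-minute figure the same connection stays open, doing nothing, until the fake clock passes 120 s, which is the resource cost the message is objecting to.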