Duane,

At 2016-02-18 22:18:14 +0000
"Wessels, Duane" <[email protected]> wrote:

> > Personally I think TCP for root priming makes complete sense, since root
> > priming traffic is a small fraction of a percent of both root server
> > traffic and resolver queries. (In fact this is a subset of the general
> > set of queries where "if you expect truncation, just start with TCP".
> > That's a possibly useful optimization that probably nobody has bothered
> > with because truncation is very rare.)  
> 
> 
> I took a look at some data to see if priming queries truly are a small
> fraction.  From what I see, about 3.5 to 4.0% of root server traffic is
> priming queries.  I have a "second opinion" analysis running at DNS-OARC
> but that is taking longer, so if it indicates anything different I'll
> follow up.

Just for clarification, does this mean 3.5% to 4.0% of all root server
traffic or 3.5% to 4.0% of "non-junk" root server traffic?

I ask because I am assured that 90% of root server traffic is junk. If
you are talking about 3.5% to 4.0% of all root traffic, then this means
that more than 1/3 of "real" traffic is root priming, which seems
really high to me.

If you're talking about 3.5% to 4.0% of non-junk traffic, then it's
something like 0.4% of all traffic, which is still more than I would
expect, but not shockingly so.
 
> I guess I'm a little hesitant here because in an earlier discussion
> on this document we talked about saying "resolvers SHOULD send DO
> when priming" and if we add "SHOULD use TCP when DO is set" then TCP
> sort of becomes the default for all priming queries.  Unless and
> until the root-servers.net zone is signed, the priming response
> doesn't really need TCP because it can entirely fit in an
> unfragmented UDP packet.

Let me turn this around... why would you not use TCP for root priming?

One concern might be that root servers are easier to DoS via TCP
exhaustion, causing priming to fail. Are there other issues?

Cheers,

--
Shane

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
