I had a couple of comments on Fujiwara-san's presentation at the DNSOP meeting at IETF61, and promised that I would send them to the list.
1) Regarding the reported problem with the five minute timeout on RFC 2308 SERVFAIL caching and the suggestion to fix this problem by increasing the cache timeout to several hours: it might be better to treat this as a polling problem. That is, leave the five minute timer in place, and when the five minute timer expires, it's time to consider the possibility that the server has recovered, so one should send it a packet or three to see what it does, while continuing to answer queries as if the server were still known to be bad until results from the poll become available. This is similar in concept to the way that TCP zero-window probes work.

2) The recommendation that name servers MUST support EDNS0 if they're going to send back response messages larger than 512 octets seems reasonable. The need for name servers to support TCP as well if the message size exceeds 1200 octets is less obvious: it seems to me that EDNS0 is enough. Part of the reason why the TCP requirement concerns me is that I suspect that such a requirement would simply be ignored, so if TCP support really is a requirement, we're going to have to make a very compelling case for why TCP is the only solution. Since I'm pretty sure that EDNS0 is enough, I suspect that we cannot make that strong a case for TCP.

_____________________________________________________
dnsop resources:
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
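The polling scheme in point 1 above, written out as an added example (this is illustrative code, not anything from the presentation or from any resolver implementation). A per-server health record keeps RFC 2308's five minute SERVFAIL cache timer; when the timer expires the record moves to a probing state in which the query path still treats the server as bad, a small batch of probe packets is handed to a separate scheduler, and only a successful probe result returns the server to service. The `ServerHealth` class, its state names, the probe count of three and the simulated clock are all assumptions made for this example; actual packet sending is left to the caller so the state machine can be driven deterministically.

```python
"""Treat RFC 2308 SERVFAIL caching as a polling problem (illustrative example).

A resolver keeps a per-server record. While the record is BAD, client queries
are answered from the cached failure. When the five minute timer expires the
record becomes PROBING: the query path keeps answering as if the server were
bad, while a probe scheduler sends a few packets to see whether the server has
recovered. Compare TCP zero-window probes, as the post suggests.
"""

from dataclasses import dataclass
from enum import Enum

SERVFAIL_CACHE_SECONDS = 300  # RFC 2308 section 7.1: cache server failure for at most five minutes
PROBE_COUNT = 3               # "a packet or three"; assumed value for this example


class State(Enum):
    GOOD = "good"        # server is used for client queries
    BAD = "bad"          # five minute timer running; queries get the cached failure
    PROBING = "probing"  # timer expired, probes outstanding; still answer as if bad


@dataclass
class ServerHealth:
    state: State = State.GOOD
    bad_until: float = 0.0      # seconds on the caller's clock (constructed, monotonic)
    probes_outstanding: int = 0

    def record_failure(self, now: float) -> None:
        """A real query to this server failed: start (or restart) the timer."""
        self.state = State.BAD
        self.bad_until = now + SERVFAIL_CACHE_SECONDS
        self.probes_outstanding = 0

    def usable(self, now: float) -> bool:
        """Client query path. Never waits on a probe; a BAD server stays BAD
        for clients until a probe actually succeeds."""
        if self.state is State.GOOD:
            return True
        if self.state is State.BAD and now >= self.bad_until:
            self.state = State.PROBING   # time to consider that it may have recovered
        return False

    def probes_to_send(self, now: float) -> int:
        """Probe scheduler path. Returns how many probe packets to send now
        (zero while the timer runs or while a batch is still outstanding)."""
        if self.state is State.BAD and now >= self.bad_until:
            self.state = State.PROBING
        if self.state is State.PROBING and self.probes_outstanding == 0:
            self.probes_outstanding = PROBE_COUNT
            return PROBE_COUNT
        return 0

    def probe_result(self, ok: bool, now: float) -> None:
        """Record one probe answer. One good answer restores the server; if the
        whole batch fails, the five minute timer is restarted from now."""
        if self.state is not State.PROBING:
            return
        self.probes_outstanding = max(0, self.probes_outstanding - 1)
        if ok:
            self.state = State.GOOD
            self.probes_outstanding = 0
        elif self.probes_outstanding == 0:
            self.record_failure(now)


def simulate_recovery(fail_at: float, recover_probe_at: float) -> list:
    """Constructed scenario: server fails at fail_at, a probe succeeds at
    recover_probe_at. Returns (time, usable) samples for inspection."""
    h = ServerHealth()
    h.record_failure(fail_at)
    trace = []
    for t in (fail_at, fail_at + 299, fail_at + 300, recover_probe_at):
        if t == fail_at + 300:
            h.probes_to_send(t)             # scheduler fires the probe batch
        if t == recover_probe_at:
            h.probe_result(True, t)         # one probe came back good
        trace.append((t, h.usable(t)))
    return trace


if __name__ == "__main__":
    for t, ok in simulate_recovery(0, 305):
        print(f"t={t:4.0f}s usable={ok}")
```

The point the example makes concrete is that `usable()` and `probes_to_send()` are separate paths: the first is hot and must never block on network I/O, the second runs on a timer and is the only place that spends packets on a server believed to be down. A resolver that instead stretched `SERVFAIL_CACHE_SECONDS` to several hours would keep a recovered server blacklisted for the whole interval, while this shape recovers at the first successful probe after the five minutes and, on total probe failure, simply re-arms the timer.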
