-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Pavel,
On 08/13/2014 04:31 PM, Pavel Simerda wrote: > Hi, > > just found where the problem with not using the fallback > configuration was. All the details are in the Fedora bugzilla > ticket[1]. I didn't do any more extensive research but it > basically seems that after planning the direct probe we need to > also plan the tcpdns probe *before* the direct probe finishes and > prevents the tcpdns one from being planned. You seem to want dnssec-trigger to probe in a different sequence of fallback methods? At the design time the direct method was thought to be a better method than using a public-recursor fallback. The traffic on authority servers was not considered a problem. The bugzilla ticket is solving something which is not a bug but a feature. Designed in, as the order of the probes performed. The aim for the initial design was also to reduce load on that public resolver (hosted by us in the generic package). The direct (direct to authority servers) method works very often. And when it does it is very likely to produce DNSSEC support. Your patch also seems to have a race condition, I think, since you spawn both the direct and the dnstcp probes at the same time. Best regards, Wouter > Pavel > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1109292 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT63zSAAoJEJ9vHC1+BF+NLI0P/1/x29/8kZv5H9hdI6VQJBvp HjIVUZa5S/ajqLjwtPxXPoVTelwi5uLUSah+1kKc6tJA5oSMnPRuwy3xfVq1FD8J hP136PzTs8pt/1n9gcU+LPFExWshHQUjC7CHBHgDBt8WSYVqth12aAxAJPgmjsY4 Jr+NmU4jRct/aoVn73fXNqEsJJ6lG0ByvmYETpobRhQncTX868fe0fxLMD5OjZjy B+uWDokS4Glh2PP5V9/3SuZZBSSFf55HpsnWup5vC+Zt0xuUDpTd4J6Xl4plrJQF dHaNUgyuiZfZd/osgnDK6PBTXlCH2mpxNo+w8qQx2+tiShmtaGXpq+Y2xQFs815I z9ZLr6CUfTXvxjyqQKdmyPyGh3858+pLqts98pGq/02R7BbId7BndfxttWg3VnJY O6a5HgXfbA5ogooQLY8AWgOvrp7maEYDYOfx1v7j1gSkEP4AMTga5IAC/HbBZu+O nH2sAuuedZqYPsTT5bkApn2epedepji28M67BjYGv3YjgWza4FtrMkgwPlOG63TW NjhpeLf6qE4MPrOW+PnJE1/mbVGIulhese5fTldjVI0ia4E3ZX0NpIRbJUpoi89s HF66Cgv7mVogXvT4Nfnh3NHOMNRTMVSk2r2SDafesdqJqy2A48e/VgewR5jNkMgU BNbOIR02lnHHduNGMKjB =h46h -----END PGP SIGNATURE----- _______________________________________________ dnssec-trigger mailing list dnssec-trigger@NLnetLabs.nl http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger