On Mon, Dec 13, 2010 at 09:35:47AM +0100, Stephane Bortzmeyer wrote:
On Mon, Dec 13, 2010 at 09:30:18AM +0100,
bert hubert bert.hub...@netherlabs.nl wrote
a message of 286 lines which said:
Dec 13 09:23:54 [1] all-wikileaks.bortzmeyer.fr.: truncated bit set,
retrying via TCP
This is not perfect: with BIND and Unbound, there is no fallback to
TCP since they use EDNS0 (with a default buffer size of 4096 bytes,
which is enough for this RRset). Why does PowerDNS do not use EDNS0?
We actually have that code, and it turns out it leads to a lot of fallback
to non-EDNS0 after timeouts. The net effect of EDNS0 usage is heavily
negative, especially when truncated answers are rare.
Since almost no TCP overhead is saved, each timeout caused by EDNS0-probing
is very expensive. Let alone the EDNS0 path MTU probing etc.
In short, for non-DNSSEC workloads, it is not worth it.
A nice middleground is what Nominum does, only try EDNS0 in case a tc=1
answer is seen, that might be worth it.
But, the logic is there in the PowerDNS Recursor, and it will be hooked up
again once we do DNSSEC for validation.
Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
