David Conrad wrote:
> On Apr 27, 2017, 4:28 PM -0700, Paul Vixie via Unbound-users
> <[email protected]>, wrote:
>
>> so in effect, TCP is not required, and will never be required. the
>> installed base and its long tail matter more than the wording of 1035.
>
> https://tools.ietf.org/html/rfc7766, proposed standard updates 1035 and
> 1123:
>
> " This document therefore updates the core DNS protocol specifications
> such that support for TCP is henceforth a REQUIRED part of a full DNS
> protocol implementation."
>
> Yes, I know about the "installed base" argument and usually agree with
> it. However, Internet standards evolve and, when it makes sense, the
> Internet follows suit. In this case, I think the benefits of TCP support
> given DNSSEC, privacy, spoof protection, etc., will be sufficient to
> move the needle over time.

i'll go further: i think that's a good clarification of and alteration
to the standards. i just don't think it's wise to expect a tcp-only
initiator, or a tcp-only responder, to function reliably. (ever.)

so the standard is nominal, and should guide other standards, but in
this case may give unusable guidance to implementers and operators.

--
P Vixie
