Phil Mayers wrote the following on 11/14/2013 2:39 AM:
On 13/11/13 22:21, Carl Byington wrote:
On Wed, 2013-11-13 at 16:49 -0500, Barry Margolin wrote:
It means that users will have to wait for an arbitrary
number of timeouts before the browser can give them an error message.
Well, the browser *could* of course give a message like "I have tried $N
out of $M possible ip addresses with no success - do you want to abandon
this?" at any time while trying that collection of ip addresses.
The other approach is to try them all in parallel, sort of like ipv4 and
ipv6 parallel connection attempts in http://tools.ietf.org/html/rfc6555

Parallel is bad - they *should* be staggered by $RTT*$FACTOR, otherwise
you just flood the link with SYN & SYN/ACK packets, all but one of
which are wasted, and may have consumed bandwidth, buffer space, NAT
and firewall session resources, to name but a few.
I think there are better solutions than publishing an enormous list of
A/AAAA records, personally, and I think it's good that browser
manufacturers aren't blasting out 6 SYNs every time someone types
www.google.com...

On a related note, I have seen recent Comtrend DSL modems (w/ integrated
router and DNS cache) send out parallel DNS requests to both of the
configured DNS servers. The debug log on the modem indicates that the
modem throws away latter responses.
I agree that staggered might be a softer approach that is less resource
intensive and will likely achieve the same (or perhaps better) result if
all services are working. In the case of degraded service, the more
aggressive parallel client will likely be faster. As a server and
network admin, I guess we have to anticipate and prepare for clients
that might be considered borderline abusive.
--Blake
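
The trade-off argued in this thread, as an added example that is not part of any poster's message: a deterministic model comparing serial, fully parallel, and staggered (`$RTT*$FACTOR`) connection attempts by time to first handshake and number of initial SYNs sent. The function names, the 3000 ms timeout, the 50 ms RTT estimate, the factor of 2 and the per-address RTT lists are all assumptions constructed for illustration; no packets are sent.

```python
"""Added illustration: a deterministic model of connection-attempt scheduling.
No packets are sent; every RTT below is constructed sample data."""

TIMEOUT_MS = 3000  # assumed per-attempt connect timeout


def simulate(rtts, stagger_ms, timeout_ms=TIMEOUT_MS):
    """Attempt i starts at i * stagger_ms.

    rtts[i] is the handshake time in ms for address i, or None if that
    address never answers. Returns (ms until the first handshake completes,
    or None if none does; number of initial SYNs sent by then).
    SYN retransmissions are ignored to keep the model small.
    """
    finish = [i * stagger_ms + rtt for i, rtt in enumerate(rtts)
              if rtt is not None and rtt <= timeout_ms]
    if not finish:
        return None, len(rtts)  # every address was tried and failed
    first = min(finish)
    # Only attempts that started before the winner completed cost a SYN.
    syns = sum(1 for i in range(len(rtts)) if i * stagger_ms < first)
    return first, syns


def compare(rtts, est_rtt_ms=50, factor=2):
    """Run the three strategies discussed in the thread on one address list."""
    return {
        "serial": simulate(rtts, TIMEOUT_MS),              # wait out each timeout
        "parallel": simulate(rtts, 0),                     # all SYNs at t=0
        "staggered": simulate(rtts, est_rtt_ms * factor),  # $RTT*$FACTOR apart
    }


# Constructed samples: six A/AAAA records, None = address is unreachable.
DEGRADED = [None, None, 40, 55, None, 60]
HEALTHY = [40, 55, 45, 60, 50, 42]

if __name__ == "__main__":
    for label, rtts in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        for strategy, (ms, syns) in compare(rtts).items():
            print(f"{label:9} {strategy:10} connect={ms} ms  SYNs={syns}")
```
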