As we have more and more DNS over TCP (large responses, response rate limitation, even TLS for privacy) I think we should fix the way DNS over TCP is supposed to be handled by servers. Quoting RFC 1035 4.2.2 "TCP usage":
- The server should assume that the client will initiate connection closing, and should delay closing its end of the connection until all outstanding client requests have been satisfied.
- If the server needs to close a dormant connection to reclaim resources, it should wait until the connection has been idle for a period on the order of two minutes. In particular, the server should allow the SOA and AXFR request sequence (which begins a refresh operation) to be made on a single connection. Since the server would be unable to answer queries anyway, a unilateral close or reset may be used instead of a graceful close.

A 2 min timeout simply has no chance to scale. So I propose:
- make clear that TCP support is mandatory.
- allow servers to use the timeout they like, even a zero timeout (the last point should be discussed). Note a zero timeout doesn't mean "send the response and close" but "send the response, check there is no pending query, and close".

Now there are the non-technical questions to solve first:
- is DNSOP chartered to do this? Point 4 says "protocol maintenance" and point 5 allows more if the area director agrees.
- is 5966bis the right place? I don't think so, but another document means the 5966bis will be delayed...

Regards

francis.dup...@fdupont.fr

PS: I'll try to raise this at the mic if there is still enough time (as this message is sent during the DNSOP session at the 92nd IETF).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
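The server-side behaviour the post argues about, as an added Python example that is not part of the message above and not code from any DNS server: a DNS-over-TCP connection handler using the RFC 1035 4.2.2 two-byte length framing that answers every pipelined query already received, then waits a configurable idle time for the next one. A zero idle timeout is implemented as the post describes it: answer, check that no further query bytes are already pending, and only then close. The constants FIRST_QUERY_TIMEOUT and PARTIAL_FRAME_GRACE, the function names, and the client queries are assumptions or constructed for the demonstration; build_response only echoes the query with the QR bit set instead of resolving it.

```python
import select
import socket
import struct
import threading
import time
from typing import Optional

# Assumed policy constants (not from the post): how long to wait for a
# connection's first query, and how long to let a half-received frame finish.
FIRST_QUERY_TIMEOUT = 5.0
PARTIAL_FRAME_GRACE = 1.0


def build_response(query: bytes) -> Optional[bytes]:
    """Stand-in for resolution: echo the query with QR=1 and RCODE=NOERROR.
    Returns None when the message is too short to carry a DNS header."""
    if len(query) < 12:
        return None
    hdr = bytearray(query[:12])
    hdr[2] |= 0x80          # QR bit: this is a response
    hdr[3] &= 0xF0          # RCODE = 0 (NOERROR)
    return bytes(hdr) + query[12:]


def serve_tcp_connection(conn: socket.socket, idle_timeout: float) -> int:
    """Serve one DNS-over-TCP connection (RFC 1035 4.2.2 length-prefixed frames).

    All complete frames already buffered are answered before the server decides
    whether to wait; it then waits at most `idle_timeout` seconds for the next
    query, so a zero timeout means "answer, check nothing is pending, close".
    Returns the number of queries answered."""
    buf = b""
    answered = 0
    try:
        while True:
            while len(buf) >= 2:                       # drain pipelined queries
                (n,) = struct.unpack("!H", buf[:2])
                if len(buf) < 2 + n:
                    break                              # partial frame: need more bytes
                msg, buf = buf[2:2 + n], buf[2 + n:]
                resp = build_response(msg)
                if resp is None:
                    return answered                    # malformed: drop the connection
                conn.sendall(struct.pack("!H", len(resp)) + resp)
                answered += 1
            if answered == 0:
                wait = FIRST_QUERY_TIMEOUT
            elif buf:
                wait = PARTIAL_FRAME_GRACE             # a query is still arriving
            else:
                wait = idle_timeout                    # 0: only already-queued bytes count
            readable, _, _ = select.select([conn], [], [], wait)
            if not readable:
                return answered                        # dormant: server-side close
            chunk = conn.recv(4096)
            if not chunk:
                return answered                        # client closed first (RFC default)
            buf += chunk
    finally:
        conn.close()


# --- constructed client side, used to exercise the server over a socketpair ---

def make_query(qid: int, name: str = "example.com") -> bytes:
    """Constructed query: ID=qid, RD=1, one question <name> A IN."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def frame(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg


def read_frame(sock: socket.socket) -> Optional[bytes]:
    """Read one length-prefixed message; None on EOF."""
    data, need = b"", 2
    while len(data) < need:
        chunk = sock.recv(need - len(data))
        if not chunk:
            return None
        data += chunk
        if len(data) == 2 and need == 2:
            need = 2 + struct.unpack("!H", data)[0]
    return data[2:]


def run_session(idle_timeout: float, pipelined: int,
                late_query_delay: Optional[float] = None) -> dict:
    """Send `pipelined` queries in one write, read the answers, optionally send
    one more after a delay, then close; report what client and server saw."""
    client, server = socket.socketpair()
    client.sendall(b"".join(frame(make_query(i)) for i in range(1, pipelined + 1)))
    outcome = {}
    worker = threading.Thread(
        target=lambda: outcome.update(answered=serve_tcp_connection(server, idle_timeout)))
    worker.start()
    ids = []
    for _ in range(pipelined):
        resp = read_frame(client)
        ids.append(struct.unpack("!H", resp[:2])[0] if resp else None)
    late_ok = None
    if late_query_delay is not None:
        time.sleep(late_query_delay)
        client.settimeout(2.0)
        try:
            client.sendall(frame(make_query(99)))
            resp = read_frame(client)
            late_ok = resp is not None and bool(resp[2] & 0x80)
        except OSError:                      # EPIPE / reset: server already closed
            late_ok = False
    client.close()
    worker.join()
    return {"ids": ids, "late_ok": late_ok, "answered": outcome["answered"]}


if __name__ == "__main__":
    print("zero timeout:", run_session(0.0, 2, late_query_delay=0.2))
    print("3 s timeout: ", run_session(3.0, 1, late_query_delay=0.2))
```

With idle_timeout=0 both pipelined queries are answered, but a query sent a moment later finds the connection already closed; with a non-zero timeout the same late query is answered and the client, as RFC 1035 expects, is the one that closes. The partial-frame branch is the caveat a zero-timeout server needs: bytes of a query that has started to arrive count as "pending", otherwise the server would cut a client off mid-message.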