Sorry for the late reply, I'm catching up with old mail.
Ray Bellis <r...@bellis.me.uk> wrote:
> On 16/07/2015 22:41, Shane Kerr wrote:
> >
> > I think it is worse than flooding with UDP. It allows "fire and forget"
> > actions from clients:
> >
> > # we can comfortably fit 20 queries into a single 1280-byte packet
> > for i = 1 to 20:
> > packet.append(EXPENSIVE_QUERY)
> > conn = socket.connect_tcp("someserver", port=53)
> > conn.write(packet)
> > # the process can quit and the queries still go...
> > exit(0)
>
> That shoudn't be possible - as soon as the client side exits the socket will
> get closed and any subsequent writes from the server side will generate an
> error. AIUI, some IP stacks will even flush the read buffer if they detect a
> fully closed socket?
Current released versions of BIND behave badly if you pipeline a large
number of requests into a TCP connection. BIND reads and buffers requests
from a TCP connection eagerly, independent of request processing, and it
fails to notice that the connection has closed until it has finished
processing the buffer. This can take a long time because BIND (pre 9.11)
processes TCP queries serially.
But this is an implementation problem which has been fixed; it is not
inherent in DNS-over-TCP.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
