On Fri, Nov 5, 2021 at 10:02 AM Wessels, Duane <dwess...@verisign.com>
wrote:

>
>
> > On Nov 1, 2021, at 3:29 PM, Erik Kline <ek.i...@gmail.com> wrote:
> >
> >>> [S4.1, comment]
> >>>
> >>> * "Resolvers and other DNS clients should be aware that some servers
> >>>  might not be reachable over TCP.  For this reason, clients MAY want
> >>>  to track and limit the number of TCP connections and connection
> >>>  attempts to a single server."
> >>>
> >>> I think the same comment could be made about paths to a server from
> >>> a given network, e.g., in the case of one network filtering TCP/53 for
> >>> some reason.
> >>>
> >>> I'm not sure how to best reword this to add a per-network notion to
> >>> TCP connection success tracking, but I did want to note that a mobile
> >>> client's measure of TCP connection success to a single server might
> >>> vary from network to network.  (for your consideration)
> >>
> >> Is this because mobile devices are more likely to have multiple network
> choices (say wifi and cellular data) and so the device should include the
> local network when remembering which works and which doesn’t?
> >
> > Yes, they have multiple networks simultaneously and also through time.
> > What's reachable/unreachable on one network might not be
> > reachable/unreachable on another.  Just moving from one Wi-Fi SSID to
> > another can make a difference, e.g.:
> >
> >    * imagine two SSIDs that each hand out 8.8.8.8 but have different
> > TCP 53 filtering policies, and
> >
> >    * (more concretely) I have DNS-over-TLS active on my phone and on
> > one nearby coffee shop SSID TCP 853 is blocked while on another
> > everything works just fine
> >
> > (Hopefully I'm making some kind of sense.)
>
> Thanks Erik, how does this look to you?
>
>        <t>Resolvers and other DNS clients should be aware that some
>        servers might not be reachable over TCP.  For this reason, clients
>        MAY track and limit the number of TCP connections and
>        connection attempts to a single server.  Reachability problems
>        can be caused by network elements close to the server, close
>        to the client, or anywhere along the path between them.  Mobile
>        clients that cache connection failures MAY do so on a per-network
>        basis, or MAY clear such a cache upon change of network.</t>
>
> DW
>
>
LGTM.

s/MAY/SHOULD/g also LGTM (since I know some mobile OSes already do stuff
like this)

Thanks!
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
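The proposed paragraph describes a small piece of client machinery: count TCP connection failures to a server, stop trying after some limit, and, on a mobile client, either key that memory by the network you are on or throw it away when the network changes. The block below is an added example, not code from the draft, from the thread, or from any resolver implementation; it models that advice in Python. The network names, the attempt limit and backoff, the outcome labels, and the constructed scenario (the same public resolver reached over two SSIDs, one of which filters TCP/53) are all assumptions made for illustration.

```python
"""Per-network TCP reachability cache for a DNS stub resolver (added example).

Models the draft's advice: limit TCP connection attempts to a server, remember
failures per (network, server) pair so a verdict taken on one SSID does not
follow the client onto another, and optionally clear the cache on network
change. All names and thresholds here are assumptions for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import time


@dataclass
class TcpReachabilityCache:
    max_attempts: int = 3            # stop trying TCP to a server after this many failures
    backoff_seconds: float = 300.0   # how long an "unreachable" verdict is held (assumed)
    clear_on_network_change: bool = False
    _failures: Dict[Tuple[Optional[str], str], Tuple[int, float]] = field(default_factory=dict)
    _current_network: Optional[str] = None

    def set_network(self, network_id: str) -> None:
        """Called when the client attaches to a (possibly different) network."""
        if network_id != self._current_network and self.clear_on_network_change:
            self._failures.clear()
        self._current_network = network_id

    def _key(self, server: str) -> Tuple[Optional[str], str]:
        # Keying on the network makes the verdict per-network, as the draft suggests.
        return (self._current_network, server)

    def should_try_tcp(self, server: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        entry = self._failures.get(self._key(server))
        if entry is None:
            return True
        count, last_failure = entry
        if count < self.max_attempts:
            return True
        if now - last_failure >= self.backoff_seconds:
            # Backoff expired: forget the verdict and allow a fresh probe.
            del self._failures[self._key(server)]
            return True
        return False

    def record_failure(self, server: str, now: Optional[float] = None) -> None:
        now = time.monotonic() if now is None else now
        count, _ = self._failures.get(self._key(server), (0, now))
        self._failures[self._key(server)] = (count + 1, now)

    def record_success(self, server: str) -> None:
        self._failures.pop(self._key(server), None)


def simulate(cache: TcpReachabilityCache, events: List[tuple]) -> List[str]:
    """Drive the cache through a list of ("net", id) / ("query", server, tcp_ok) events.

    Returns one outcome per query: "tcp" (connected), "tcp-failed" (attempt made,
    failed, counted) or "udp-only" (TCP skipped because of the cached verdict).
    Time advances one second per event so backoff never expires in the scenario.
    """
    outcomes: List[str] = []
    now = 0.0
    for event in events:
        now += 1.0
        if event[0] == "net":
            cache.set_network(event[1])
            continue
        _, server, tcp_ok = event
        if not cache.should_try_tcp(server, now):
            outcomes.append("udp-only")
            continue
        if tcp_ok:
            cache.record_success(server)
            outcomes.append("tcp")
        else:
            cache.record_failure(server, now)
            outcomes.append("tcp-failed")
    return outcomes


# Constructed scenario (not from the thread): one resolver address handed out on
# two SSIDs; "coffee-shop-A" filters TCP/53, "coffee-shop-B" does not.
SERVER = "8.8.8.8"
SCENARIO = [
    ("net", "coffee-shop-A"),
    ("query", SERVER, False),
    ("query", SERVER, False),
    ("query", SERVER, False),
    ("query", SERVER, False),   # limit reached: TCP should be skipped here
    ("net", "coffee-shop-B"),
    ("query", SERVER, True),    # different network, so TCP is tried and works
    ("net", "coffee-shop-A"),
    ("query", SERVER, False),   # back on A: per-network memory vs. clear-on-change
]

if __name__ == "__main__":
    print("per-network: ", simulate(TcpReachabilityCache(), SCENARIO))
    print("clear-on-net:", simulate(TcpReachabilityCache(clear_on_network_change=True), SCENARIO))
```

The two policies in the draft text differ only on the last query: the per-network cache still remembers that TCP to the server failed on the first SSID and skips it, while the clear-on-change variant probes again and burns one more attempt. Which is preferable depends on how cheap a failed TCP attempt is on that client; the draft leaves both open.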
