On Sat, Apr 5, 2014 at 8:12 PM, Mark Andrews <ma...@isc.org> wrote: > > In message > <CAAF6GDeFhst9DyW1jpgb7JkrPG-KmDSM49ey_Ny+F=wsr_y...@mail.gmail.com>, > =?ISO-8859-1?Q?Colm_MacC=E1rthaigh?= writes: >> On Sat, Apr 5, 2014 at 3:44 PM, Mark Andrews <ma...@isc.org> wrote: >> >> > >> > ; EDNS: version: 0, flags:; udp: 4096 >> > >> >> ... >> >> >> > ;; ANSWER SECTION: >> > _http._tcp.pkg.freebsd.OrG. 3485 IN SRV 50 10 80 >> > pkg0.bme.freebsd.org. >> > _http._tcp.pkg.freebsd.OrG. 3485 IN SRV 10 10 80 >> > pkg0.isc.freebsd.org. >> > _http._tcp.pkg.freebsd.OrG. 3485 IN SRV 90 10 80 >> > pkg0.ydx.freebsd.org. >> > _http._tcp.pkg.freebsd.OrG. 3485 IN SRV 20 10 80 >> > pkg0.nyi.freebsd.org. >> > >> >> ... >> >> >> > ;; ADDITIONAL SECTION: >> > gns0.freebsd.OrG. 3484 IN A 8.8.178.30 >> > >> >> It'd probably be beneficial for the additional section to contain the >> A/AAAA records sets for the SRV targets here (which are in bailiwick, and >> there's no other zonecut as far as I can tell), and could help avoid >> another round-trip before the connect() can even be called. >> >> It's speculation on my part, but that behavior might be holding back SRV. >> It's probably a hard-sell to expect browsers to perform two queries instead >> of one, and to double the time they spend in DNS resolution. >> >> -- >> Colm > > They are marginally more expensive over a raw A/AAAA record and > just as expensive as a CNAME record. You either wait for the > recursive server to follow the CNAME chain in the first lookup or > you wait for the second lookup. If the recursive server as the > addresses you don't wait in either case and you get the address > records either in the answer or additional sections. > > Add a little more smarts to the recurive server and it can prioritize > the records it add to the additional section based on SRV values. > The brower can do any missing address records lookups while doing > the initial connect.
Or if we decide to add in encryption into the DNS client-server protocol do it in a way that allows multiple queries per request transaction and multiple UDP packets per response. That way the benefit of DNSE is not just better security, there is a performance advantage and improved functionality as well. -- Website: http://hallambaker.com/ _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
