--On 13 January 2010 20:34:49 +0000 Jim Reid <j...@rfc1035.com> wrote:

>>> An EDNS0 ignorant resolver MUST issue the priming query over UDP.
>>
>> I presume you mean DNSSEC ignorant.
>
> That's implicit. The language was in Olafur's original text BTW...
>
> If a resolver doesn't speak EDNS0, it can't set the DO bit. Which means
> the authoritative server isn't supposed to send back DNSSEC-related RRs.
> Unless the resolver explicitly queries for those RRtypes. Which seems
> unlikely, particularly in the context of a priming query. It would be
> very odd for a DNS implementation to be DNSSEC-aware and not support
> EDNS0. Then again, the DNS is full of all sorts of weirdness and bizarre
> implementations.

I understand DNSSEC support implies EDNS0 support. What I meant was
that if the rationale for using TCP is merely that a large
packet won't fit into a normal EDNS0 window, and that
otherwise TCP is a bad thing as it creates server load, then
we should apply the injunction to use UDP (or more accurately
not use TCP) to any scenario where we know that large packet
isn't going to arrive. Current operational practice would
result in DO clear packets fitting within 4096 bytes,
so no need for TCP when DO is clear.

I thought it might be an error as the section title in your
proposed text doesn't match the section text, but that's
actually because two section titles are the same which
I think is the problem.

Thinking about it, a total prohibition (at MUST level) of using TCP
is probably a bit harsh given we don't even know they have UDP
connectivity. Perhaps "MUST issue the priming query *first*
over UDP", or use a SHOULD.

--
Alex Bligh
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
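As an added example (not text from the draft or from anyone in this thread), here is a small Python sketch of the point being argued: the DO bit is carried only inside an EDNS0 OPT RR, so a resolver that does not speak EDNS0 cannot ask for DNSSEC RRs and is bounded by the classic 512-byte UDP limit, and under a "UDP first" rule TCP is warranted only after a truncated UDP reply. The function names (build_priming_query, udp_capacity, needs_tcp_retry) are my own; the wire formats follow RFC 1035 and RFC 6891.

```python
import struct
from typing import Optional, Tuple

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)
DO_FLAG = 0x8000       # DNSSEC OK bit, top bit of the OPT RR's TTL field
TC_FLAG = 0x0200       # truncation bit in the DNS header flags
CLASSIC_UDP_MAX = 512  # UDP payload limit without EDNS0 (RFC 1035)

def build_priming_query(txid: int, edns_bufsize: Optional[int] = None, do: bool = False) -> bytes:
    """Build a priming query (. IN NS). An OPT RR advertising edns_bufsize is
    appended only when requested; the DO bit lives inside that OPT RR, so a
    resolver that does not speak EDNS0 has no way to set it."""
    if do and edns_bufsize is None:
        raise ValueError("DO bit requires EDNS0: no OPT RR, no DO")
    arcount = 0 if edns_bufsize is None else 1
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, arcount)  # flags 0: RD clear, target is authoritative
    question = b"\x00" + struct.pack("!HH", 2, 1)                # root name, QTYPE NS, QCLASS IN
    opt = b""
    if edns_bufsize is not None:
        # OPT RR: NAME=root, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, DO_FLAG if do else 0, 0)
    return header + question + opt

def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a wire-format name (label sequence or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def udp_capacity(query: bytes) -> Tuple[int, bool]:
    """Return (largest UDP response the query allows, DO set?) from its OPT RR, if any."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(query, off) + 4               # QTYPE + QCLASS
    for _ in range(an + ns):
        off = _skip_name(query, off)
        off += 10 + struct.unpack("!H", query[off + 8:off + 10])[0]  # fixed RR fields + RDATA
    for _ in range(ar):
        off = _skip_name(query, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return max(rclass, CLASSIC_UDP_MAX), bool(ttl & DO_FLAG)  # RFC 6891: below 512 counts as 512
    return CLASSIC_UDP_MAX, False                      # no EDNS0: classic limit, DO cannot be set

def needs_tcp_retry(udp_response: bytes) -> bool:
    """'UDP first' rule: retry over TCP only when the UDP answer came back truncated."""
    return bool(struct.unpack("!H", udp_response[2:4])[0] & TC_FLAG)
```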