> On 26 Jan 2016, at 07:53, joel jaeggli <joe...@bogus.com> wrote:
>
>>
>> For DNS-over-DTLS-over-UDP, we should not need to negotiate the
>> client or server capability to send multiple DNS queries over the
>> same DTLS connection; the mere act of negotiating DTLS indicates the
>> ability to handle subsequent DNS queries using that same DTLS
>> connection. The same might also be true of DNS-over-TLS-over-TCP, in
>> fact? I mean, is there a client or a server that wants to use
>> DNS-over-TLS-over-TCP and _not_ also have the ability to keep their
>> TCP connection alive for later DNS queries over that same TLS
>> connection? Perhaps for both DNS-over-TLS, and DNS-over-DTLS, the
>> semantics of edns-tcp-keepalive are implied?
>
> that is an interesting reading. though I'd want to hear an implementor
> or two say they interpreted it that way.
The DNS-over-TLS draft (https://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-05) discusses this explicitly in section 3.4:

"Whereas client and server implementations from the [RFC1035 <https://tools.ietf.org/html/rfc1035>] era are known to have poor TCP connection management, this document stipulates that successful negotiation of TLS indicates the willingness of both parties to keep idle DNS connections open, independent of timeouts or other recommendations for DNS-over-TCP without TLS. In other words, software implementing this protocol is assumed to support idle, persistent connections and be prepared to manage multiple, potentially long-lived TCP connections."

And then informationally references edns-tcp-keepalive and a mechanism that may be useful in signalling idle timeouts for long-lived TCP connections.

Sara.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
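The two pieces the thread turns on, several DNS messages carried over one TCP/TLS connection and the edns-tcp-keepalive option used to signal an idle timeout, are small enough to show on the wire. The following Python is an added example, not code from the thread, the drafts or their authors. It assumes the option code (11) and the 2-byte TIMEOUT field in units of 100 ms as published in RFC 7828, the final form of the edns-tcp-keepalive draft referenced above; the query names, IDs and timeout value are constructed for the demonstration. Framing is the RFC 1035 two-byte length prefix, which DNS-over-TLS reuses unchanged.

```python
"""Added example: DNS-over-TCP/TLS message framing plus building and parsing
the edns-tcp-keepalive EDNS0 option, standard library only.

Assumed from RFC 7828 (published form of the edns-tcp-keepalive draft):
option code 11; zero-length data from a client, 2-byte TIMEOUT (100 ms
units) from a server. Names, query IDs and timeouts below are constructed.
"""
import struct

OPT_TYPE = 41               # EDNS0 OPT pseudo-RR type (RFC 6891)
EDNS_TCP_KEEPALIVE = 11     # edns-tcp-keepalive option code (RFC 7828)
RD = 0x0100                 # header flag: recursion desired


def encode_name(name):
    """Encode a domain name in uncompressed wire format."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qid, name, qtype=1, keepalive_timeout=None):
    """Build a query with one question and an OPT RR carrying edns-tcp-keepalive.

    keepalive_timeout=None gives the zero-length form a client sends; an int
    (units of 100 ms) gives the form a server answers with.
    """
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1)   # qd=1, ar=1 (the OPT RR)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    data = b"" if keepalive_timeout is None else struct.pack("!H", keepalive_timeout)
    rdata = struct.pack("!HH", EDNS_TCP_KEEPALIVE, len(data)) + data
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return header + question + opt_rr


def frame_tcp(msg):
    """Prefix a message with its 2-byte length (RFC 1035 4.2.2); DoT uses the same framing."""
    return struct.pack("!H", len(msg)) + msg


def split_stream(buf):
    """Split a TCP/TLS byte stream into whole messages.

    Returns (messages, leftover); leftover is an incomplete trailing message
    that must be retained until more bytes arrive on the same connection.
    """
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf


def skip_name(msg, off):
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:      # 2-byte pointer terminates the name
            return off + 2
        off += 1 + n


def parse_keepalive(msg):
    """Find the edns-tcp-keepalive option in a message.

    Returns (present, timeout): present is False when there is no OPT RR or no
    such option; timeout is None for the zero-length client form, otherwise the
    TIMEOUT field in 100 ms units (0 means the server wants the connection closed).
    """
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_TYPE:
            continue
        p = 0
        while p + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[p:p + 4])
            data = rdata[p + 4:p + 4 + olen]
            p += 4 + olen
            if code == EDNS_TCP_KEEPALIVE:
                if olen == 0:
                    return True, None
                if olen == 2:
                    return True, struct.unpack("!H", data)[0]
                raise ValueError("bad edns-tcp-keepalive length %d" % olen)
    return False, None


if __name__ == "__main__":
    # Two queries on one connection, as the thread assumes for DoT: the server
    # side splits the stream and sees the client's zero-length keepalive option.
    stream = frame_tcp(build_query(1, "example.com")) + frame_tcp(build_query(2, "example.net"))
    msgs, rest = split_stream(stream)
    print(len(msgs), "queries, leftover", rest, [parse_keepalive(m) for m in msgs])
    # A server answer advertising a 60 s idle timeout (600 x 100 ms).
    print(parse_keepalive(build_query(1, "example.com", keepalive_timeout=600)))
```

The parser walks every section rather than assuming the OPT RR is last, and rejects any keepalive option whose length is neither 0 nor 2, which is what a server should do before trusting a client-supplied timeout. The leftover buffer returned by split_stream is the part implementations from the RFC 1035 era tended to get wrong: on a persistent connection a message boundary need not coincide with a read.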