
Re: EDNS0 revisions



At 9:13 +1100 12/22/07, Mark Andrews wrote:

	I think formalising the reaction to timeout for EDNS failures
	to fall back to plain DNS is wrong.  As dependency of EDNS
	increases (e.g. DNSSEC) it is much more important that
	packet loss is treated as packet loss and not broken servers
	/ middle boxes.

I side with Paul's opinion - it's better to let non-responses cause state changes. In 2004 or so I ran some tests for lame servers and observed these two things:

1) I would reissue a query up to 10 times before giving up to see what was the tipping point - at what point were retries generally not worth the effort. From my now lost records and dusty memory, counting 100% as the pool of queries ever answered, over 99% were answered on the first try. The number answering to the 2nd, 3rd, ..., 10th try, never went to 0 but were all pretty negligible.

Caveat - YMMV...as is always the case with any experiment. I was on an office-grade T-1 and self-rate-limited the UDP's out so they didn't trip on themselves at the first hop.

2) There are name server implementations that will silently discard a query by policy. One implementation refused to respond to any query it felt it wasn't supposed to see. I would have expected (as BIND does in this case) to see a referral to the root.

After some discussion I was convinced that there was merit to this approach, although the puritanical client-server protocol guy I am bristles with the notion that silence means error. But that's the network we have now.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.

archive: <http://ops.ietf.org/lists/namedroppers/>