1. DNS/RFC/7766
Contents
https://tools.ietf.org/html/rfc7766
DNS Transport over TCP - Implementation Requirements
Obsoletes: 5966
2. Section 1 (Introduction)
However, transport of UDP packets that exceed the size of the path MTU causes IP packet fragmentation, which has been found to be unreliable in many circumstances. Many firewalls routinely block fragmented IP packets, and some do not implement the algorithms necessary to reassemble fragmented packets.
The future that was anticipated in RFC 1123 has arrived, and the only standardised UDP-based mechanism that may have resolved the packet size issue has been found inadequate.
Continuing to rely on UDP while inflating the packets (the "standardised UDP-based mechanism" is EDNS0's larger UDP payload sizes) is no longer appropriate. (paraphrase)
3. Section 5
5. Transport Protocol Selection
Section 6.1.3.2 of [RFC1123] is updated: All general-purpose DNS implementations MUST support both UDP and TCP transport.
- Authoritative server implementations MUST support TCP so that they do not limit the size of responses to what fits in a single UDP packet.
TCP MAY be used before sending any UDP queries.
- If the resolver already has an open TCP connection to the server, it SHOULD reuse this connection.
In essence, TCP ought to be considered a valid alternative transport to UDP, not purely a retry option.
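As an added worked example (not code from this page or from the RFC), here is a minimal Python client that treats TCP as a first-choice transport rather than a retry: it opens one TCP connection, sends several queries over it without waiting, and then matches the responses by transaction ID. The two-octet length prefix and the fact that a server may answer pipelined queries out of order come from RFC 1035 Section 4.2.2 and RFC 7766 Sections 7 and 8, which this page does not quote. The server address and names in the usage call at the bottom are placeholders.

```python
import secrets
import socket
import struct


def build_query(qname, qtype=1, qid=None):
    """Build a minimal DNS query: RFC 1035 header (RD=1) plus one IN question."""
    if qid is None:
        qid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 octets: %r" % label)
        question += bytes([len(raw)]) + raw
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # root label, QTYPE, QCLASS=IN
    return qid, header + question


def frame_tcp(message):
    """Prefix a DNS message with the two-octet big-endian length field used on TCP
    (RFC 1035 Section 4.2.2, RFC 7766 Section 8). The length excludes the field itself."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message exceeds 65535 octets")
    return struct.pack("!H", len(message)) + message


class TcpDnsReader:
    """Incremental de-framer for the DNS byte stream on a (reused) TCP connection.

    TCP delivers a stream, not datagrams: one recv() may return half a message or
    several messages at once, so feed() buffers and returns only complete messages."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        self.buf += data
        messages = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + length:
                break  # wait for the rest of this message
            messages.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return messages


def message_id(message):
    """Transaction ID (first two octets of the header)."""
    return struct.unpack("!H", message[:2])[0]


def rcode(message):
    """RCODE: the low four bits of the flags word (octets 2-3 of the header)."""
    return struct.unpack("!H", message[2:4])[0] & 0x0F


def query_over_tcp(server, qnames, port=53, timeout=5.0):
    """Resolve several names over ONE TCP connection, using TCP first (no UDP attempt)
    and pipelining every query before reading any answer.

    Responses on a pipelined connection may arrive in a different order than the
    queries were sent (RFC 7766 Section 7), so they are matched by transaction ID."""
    outstanding = {}
    payload = b""
    for name in qnames:
        qid = secrets.randbelow(0x10000)
        while qid in outstanding:  # IDs must be unique among in-flight queries
            qid = secrets.randbelow(0x10000)
        qid, msg = build_query(name, qid=qid)
        outstanding[qid] = name
        payload += frame_tcp(msg)

    responses = {}
    reader = TcpDnsReader()
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(payload)
        while outstanding:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError(
                    "server closed the connection with %d queries unanswered" % len(outstanding))
            for msg in reader.feed(chunk):
                name = outstanding.pop(message_id(msg), None)
                if name is not None:  # ignore IDs we never sent
                    responses[name] = msg
    return responses


if __name__ == "__main__":
    # Placeholder resolver address (TEST-NET-1) and names; any TCP-capable recursive resolver will do.
    for name, msg in query_over_tcp("192.0.2.53", ["example.com", "example.net"]).items():
        print(name, "rcode", rcode(msg), "len", len(msg))
```

Two details matter in practice: the reader must loop on the length field because the stream can split or merge messages, and the caller must not assume the first response belongs to the first query. The client sends no EDNS0 option because over TCP the response size is bounded by the 16-bit length field, not by a UDP payload size.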