From: Rich Felker <dalias@libc.org>
To: Markus Wichmann <nullplan@gmx.net>
Cc: musl@lists.openwall.com
Subject: Re: [musl] Question about tcp failure in udp truncated scenarios
Date: Fri, 13 Sep 2024 10:38:37 -0400 [thread overview]
Message-ID: <20240913143837.GY10433@brightrain.aerifal.cx> (raw)
In-Reply-To: <ZuRLy8albBM87SBF@voyager>
On Fri, Sep 13, 2024 at 04:27:23PM +0200, Markus Wichmann wrote:
> Am Fri, Sep 13, 2024 at 01:56:49PM +0000 schrieb JinCheng Li:
> > Hi
> >
> > I have a question for __res_msend_rc in dns query. In the case of multiple nameservers, if the first vaild udp query result is truncated, musl will discard the udp query result and turn to tcp query. But I found many dns nameservers do not response to the tcp connection or do not respond to tcp query request which will finally trigger timeout. As a result, the success rate of DNS queries is greatly reduced when udp is truncated, for example, in the case of only IPV4.
> > In bionic, the dns query in multiple nameservers is one by one. The first udp is truncated, if the tcp also fail, it will turn to the second udp and do it again. This may be slower than musl in terms of speed, but is more stable in truncation cases.
> > In musl, if the udp truncated case has happened, we will convert to tcp which is more likely not supported by the nameserver and discard all other udp response which may be also valid from other nameserver . Do you have any good suggestions to optimize this?
> >
>
> Basically, when that happens, the server is broken. musl supports
> multiple DNS servers for redundancy only. So if a UDP query gets a TC
> response, we assume that that is the only possible response to the
> query. Any other server must send the same response. If that is not the
> case, your DNS is misconfigured.
>
> The server not responding on TCP is a violation of RFC 7766. TCP is
> simply not optional for DNS servers anymore.
Exactly. Assuming we need a response larger than the UDP max to
satisfy the query, inability to obtain that is a hard error that needs
to be reported to the caller.
When TCP support was added, however, there was the question of whether
we should (either always, or optionally) make it so the high-level
resolver functions (getaddrinfo and the legacy gethostbyname family)
avoid doing TCP fallback if the truncated UDP response contains a
sufficient answer (nonzero number of records of the requested type).
This could still be considered if it would improve things in some
environments...
Rich
prev parent reply other threads:[~2024-09-13 14:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-13 13:56 JinCheng Li
2024-09-13 14:27 ` Markus Wichmann
2024-09-13 14:38 ` Rich Felker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240913143837.GY10433@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
--cc=nullplan@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).