Date: Sun, 3 May 2020 15:45:50 -0400
From: Rich Felker <dalias@...c.org>
To: Florian Weimer <fw@...eb.enyo.de>
Cc: musl@...ts.openwall.com
Subject: Re: TCP support in the stub resolver

On Sun, May 03, 2020 at 09:34:31PM +0200, Florian Weimer wrote:
> * Rich Felker:
>
> >> Can't you do DNS with really large packet sizes on localhost?
> >>
> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
> >>
> >> That's the one place where TCP does not make much sense, except to get
> >> the last 30 or so bytes in packet size.
> >
> > No, the protocol simply does not support it. Normal (non-EDNS) DNS
> > protocol forbids UDP packets over 512 bytes. A nameserver that replied
> > with them rather than with TC would be non-conforming and would break
> > conforming clients that expect to see the TC rather than a short read.
> > With EDNS0 longer packets can be sent but I think there's still a
> > limit of 4096 bytes or something. I don't understand this entirely so
> > I may be wrong and it may be possible to just support EDNS0 and say
> > "run a server with 64k EDNS0 limit on localhost if you want to
> > guarantee non-truncated replies".
>
> On localhost, one could just disregard the protocol limit, perhaps
> with special configuration of the recursive resolver. (The stub
> resolver would not need configuration, it just has to accept the
> packets if they arrive.)

No you can't because it's a permanent public interface contract. You
may have foreign-libc binaries or static linked binaries from before
that policy change or from a party who disagrees (rightly so) with
that policy change.

> The other option would be to use a UNIX Domain datagram socket instead
> of UDP. Since it is a new transport protocol, it's possible to make
> up different rules about packet sizes.

Putting unix domain nameservers in resolv.conf directly would likewise
be incompatible with the above. You could do it in some way that they
don't see/care about, but then it's a matter of inventing new policy
mechanisms which musl explicitly seeks to avoid. (E.g. that's why we
used nscd protocol for alternate passwd/group backends rather than
NIH'ing something.)

Rich
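
The 512-byte rule discussed in this message, as an added example that is not part of the original post and is not musl's code: a check a non-EDNS stub resolver could apply to a UDP reply to tell a conforming truncation (TC set, retry over TCP) from an oversized datagram that a 512-byte receive buffer would only see as a short read. The function names, the status enum and the `wire_len` parameter are hypothetical, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_UDP_MAX 512            /* classic (non-EDNS) UDP payload limit */

enum reply_status {
    REPLY_OK,         /* complete answer */
    REPLY_RETRY_TCP,  /* TC set: answer did not fit, repeat the query over TCP */
    REPLY_OVERSIZE,   /* datagram above 512 bytes without EDNS: non-conforming */
    REPLY_MALFORMED   /* short header, wrong ID, or not a response */
};

/* buf/got: bytes read into the client's buffer; wire_len: size of the
 * datagram as sent (hypothetical parameter; on Linux, recv() with
 * MSG_TRUNC reports it). */
enum reply_status classify_udp_reply(const unsigned char *buf, size_t got,
                                     size_t wire_len, uint16_t query_id)
{
    if (got < DNS_HDR_LEN || wire_len < got)
        return REPLY_MALFORMED;
    if ((uint16_t)(buf[0] << 8 | buf[1]) != query_id)
        return REPLY_MALFORMED;
    if (!(buf[2] & 0x80))                 /* QR bit clear: this is a query */
        return REPLY_MALFORMED;
    if (wire_len > DNS_UDP_MAX)           /* short read, and TC may be unset */
        return REPLY_OVERSIZE;
    if (buf[2] & 0x02)                    /* TC bit */
        return REPLY_RETRY_TCP;
    return REPLY_OK;
}

/* Constructed sample: a bare 12-byte response header, no records. */
void make_header(unsigned char out[DNS_HDR_LEN], uint16_t id, int tc)
{
    memset(out, 0, DNS_HDR_LEN);
    out[0] = id >> 8;
    out[1] = id & 0xff;
    out[2] = 0x80 | 0x01 | (tc ? 0x02 : 0);   /* QR, RD, optional TC */
    out[3] = 0x80;                            /* RA, RCODE 0 */
}

int main(void)
{
    unsigned char h[DNS_HDR_LEN];
    make_header(h, 0x1234, 1);
    printf("TC set by server:   %d\n", classify_udp_reply(h, sizeof h, sizeof h, 0x1234));
    make_header(h, 0x1234, 0);
    printf("oversized datagram: %d\n", classify_udp_reply(h, sizeof h, 4000, 0x1234));
    return 0;
}
```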