I’ve released a new version of dudders, 1.04, and finally submitted it as a package to OpenWRT. The focus of this release was on making the update more robust to network failure as the result of an email correspondence with Peter Holik. I am of the opinion that DNS UPDATE is a strong candidate for being TCP by default (along with zone-transfers).
In RFC 1123 it is stipulated that:
a DNS resolver or server that is sending a non-zone-transfer query MUST send a UDP query first.
However, if you are doing a DNS UPDATE you really want the reliability that TCP offers, even if you don’t expect truncation to be an issue. The update is sent to the relevant authority server, so the arguments about load on root servers in the RFC aren’t applicable.
I’ve made the UDP implementation retry by default, but I think if you need more than 2 retries, you should be considering using TCP with its (much more advanced) retransmission algorithms.
Peter also found a bug in glibc’s res_send (actually in their send_dg function) whereby the resolver interprets the lack of the DNS “recursion available” flag in the header as an error. However, that flag isn’t even meaningful for DNS UPDATE responses; according to RFC 2136, those bits:
Should be zero (0) in all requests and responses. A non-zero Z field should be ignored by implementations of this specification.
As a result, glibc was setting errno to ECONNREFUSED or ETIMEDOUT even when the update was successful. I’ve hacked dudders to double-check after res_send, but it’s making me question the wisdom of using res_send at all, given that I’m constantly working around it.
Update: submitted glibc bug report #11950
To get dudders-1.04 on OpenWRT, simply update the official package feed and select dudders from the Net > DNS > dudders menu in the buildroot config. For systems other than OpenWRT, you can grab the source from sourceforge, or even github.
