hickory-resolver retries NXDOMAINs over TCP if using `try_tcp_on_error` about trust-dns HOT 4 OPEN

Do you get the behavior you want when you disable retry over TCP?

Not really because it's expected for us to support TCP fallback. My crate has retry over TCP enabled for everyone by default with an optional config option for someone to toggle it off.

SRV queries on Matrix can have large responses which only TCP fallback can provide, and if a user has exhausted UDP resources then retrying on TCP is not a bad default to have. We just don't want it to be amplifying unnecessary amounts of DNS queries by retrying on NXDOMAIN.

from trust-dns.

it seems like this should really say if e.is_no_connections() || (opts.try_tcp_on_error && e.is_io())

I don't know all the cases where it makes sense to retry TCP on error except for too large DNS responses (e.g. SRV records), and UDP I/O error yeah, but on the surface this makes sense to me.

from trust-dns.

Do you get the behavior you want when you disable retry over TCP?

from trust-dns.

I do wonder if after a few of these revisions if this config value isn’t actually doing what should be the expected behavior. That is, we retry tcp no matter what in certain cases right now.

it seems like this should really say if e.is_no_connections() || (opts.try_tcp_on_error && e.is_io())

as I think you’re right that DNS failures shouldn’t the retried. I’d have to look for past issues in this area to understand how we ended up here. It’s possible that there are some odd configurations in the wild where local DNS servers are improperly responding to queries, though that really shouldn’t be handled in this location.

from trust-dns.