
On Sat, Aug 9, 2025 at 5:38 AM Måns Nilsson <mansaxel@besserwisser.org> wrote:
> Regarding TCP, yes, this is a potential issue. You can think about it and it will grow in your mind, or you can do some observations and conclude that unless you messed your routing up really badly (which is not DNS' fault but still on-topic here) the mean session length for a client-to 1st hop resolver TCP session is going to be orders of magnitude shorter than the times between routing updates that make a certain router change its mind about which anycast node is the closest one.

Hi Måns,

This is a case of misunderstanding what the numbers are telling you. Yes, the failure rate is low, but it's not random. It's not a case of 99 queries work, 1 doesn't, and you try again and it works. It's a case of queries work for 99 people and 1 person with just the wrong connections to the network graph experiences persistent failures. And then your front-line customer support blames the customer for your error because obviously it's working for everybody else.

If it doesn't work in the corner cases then it doesn't work.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/