[e2e] Early FIN/close for query-response TCP connections like DNS's

Stefanos Harhalakis v13 at v13.gr
Fri Oct 29 06:06:42 PDT 2010


Hello,

On Friday 15 of October 2010, Fernando Gont wrote:
> On 30/09/2010 05:24 p.m., Stefanos Harhalakis wrote:
> > IOW: Since we know that this connection will have a Query and a Response,
> > why not half-close the connection after the query is sent? This requires
> > no modifications to TCP's behavior and will save at least RTT/2 because
> > the server side will not wait for a FIN before closing. (no?)
> 
> Are you aiming at reducing state on servers?
> 
> If that's the case, one might argue that you still need to handle this
> (and any other) sequence gracefully... or else expect that you might be
> the subject of DoS attacks....

While reading old mails of end2end-interest, I was left with the impression 
that there is concern about the TIME_WAIT state of DNS servers and the port 
allocation period. Having that in mind, I came up with the above proposal.

From what I understand, (when using my proposal) since a DNS client would be 
the first to close the connection, it will have to wait in TIME_WAIT and the 
server will not. In contrast, with the current situation, if a server supports 
persistent connections, it should wait for the client to close the connection 
first, meaning that the DNS server will have to TIME_WAIT.

Early half-closing of a connection is not a violation of TCP and does not 
affect the reliability of the connection. The connections are still closed 
gracefully and there is no possibility of data loss or DoS attacks. 
Furthermore, the proposal does not require any modifications at all in the 
server's implementation and could be implemented with very few changes in 
clients.

I've tested the proposal against BIND using a custom-made client and:
a) It works very well, meaning that BIND's implementation is able to 
handle half-closed connections without a problem
b) It seems that BIND does not support persistent TCP connections and thus it 
cannot be used for tests right now.

Of course I can share the code if you like.

If you can give me any hints on how I can further test this I'll be grateful.
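
The client-side half-close proposed in this message, as an added example that is not part of the original post and is not the author's test client: a DNS-over-TCP query is sent with its 2-byte length prefix, the write side is shut down immediately, and the reply is still read in full. The loopback stub server, the constructed query for example.com and all function names are assumptions made for the illustration.

```python
# Added illustration: names are hypothetical; the server is a constructed loopback stub.
import socket
import struct
import threading

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def stub_server(listener, events):
    """Constructed stand-in for a DNS server: one query, one reply, then close."""
    conn, _ = listener.accept()
    with conn:
        (length,) = struct.unpack("!H", recv_exact(conn, 2))
        query = recv_exact(conn, length)
        got_fin = conn.recv(1) == b""  # the client's FIN shows up as EOF here
        events.append("eof-before-reply" if got_fin else "extra-data")
        reply = query[:2] + struct.pack("!H", 0x8180) + query[4:]  # QR|RD|RA, echo the rest
        conn.sendall(struct.pack("!H", len(reply)) + reply)  # server's write side is still open

def query_with_early_fin(addr, query):
    with socket.create_connection(addr, timeout=5) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix (DNS over TCP)
        s.shutdown(socket.SHUT_WR)  # half-close: FIN goes out right after the query
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        reply = recv_exact(s, length)
        return reply, s.recv(1)  # second value is b"" once the server has closed its side

def demo():
    events = []
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # ephemeral loopback port, no network needed
        listener.listen(1)
        t = threading.Thread(target=stub_server, args=(listener, events))
        t.start()
        query = build_query("example.com")
        reply, trailing = query_with_early_fin(listener.getsockname(), query)
        t.join()
    return query, reply, trailing, events
```

Since the client sends the first FIN here, it is the client's socket that passes through TIME_WAIT once the exchange completes.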
