DNS problems to RoadRunner - tcp vs udp

• Previous message (by thread): DNS problems to RoadRunner - tcp vs udp
• Next message (by thread): DNS problems to RoadRunner - tcp vs udp
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott McGrath wrote:
[..]
> For a long time there has been a effective practice of
> 
> UDP == resolution requests
> TCP == zone transfers

WRONG. TCP is there as a fallback when the answer of the question is too 
large. Zone transfer you can limit in your software. If you can't 
configure your dns servers properly then don't run DNS.
Also note that botnets have much more effective ways of taking you out.

And sometimes domains actually require TCP because there are too many 
records for a label eg http://stupid.domain.name/node/651
If you are thus blocking TCP for DNS resolution you suddenly where 
blocking google and thus for some people "The Internet".

Also see:
http://homepages.tesco.net/J.deBoynePollard/FGA/dns-edns0-and-firewalls.html

(Which was the second hit for google(EDNS0) after a link to RFC2671)

Greets,
  Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080614/8dc85bfe/attachment.sig>

• Previous message (by thread): DNS problems to RoadRunner - tcp vs udp
• Next message (by thread): DNS problems to RoadRunner - tcp vs udp
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]