Anycast 101

Valdis.Kletnieks at vt.edu
Fri Dec 17 17:04:17 UTC 2004


On Thu, 16 Dec 2004 17:18:12 PST, Crist Clark said:

> Into a UDP response. A resolver will receive the first 512 bytes of the
> truncated response and may then use TCP to get the complete response...
> unless there is a firewall blocking 53/tcp in the way. But how often
> does that happen?

You're new here, aren't you? ;)

It happens *all* *the* *time* (probably just as often as sites that block
all ICMP including 'frag needed' and wonder why PMTU Discovery breaks and
connections hang).

The *real* operational problem is that almost 100% of the time that there's
a firewall blocking 53/tcp, the person running the firewall is (a) unaware
that it's blocking it and (b) doesn't even realize that DNS *can* use TCP....

Quite often, there's even a "(c) they don't even know they have a firewall" just
to make things really interesting.
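The truncate-then-retry behaviour discussed in this message, as an added example that is not part of the original post: it reads the TC (truncated) bit from a UDP reply header, frames the same query for 53/tcp, and classifies the lookup by how the TCP retry went. All function names and the sample reply are constructed for illustration; `probe_tcp53` makes a live connection and only runs when called.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word

def build_query(name, qtype=1, qid=0x1234):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & TC_BIT),
            "rcode": flags & 0x000F, "ancount": ancount}

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def probe_tcp53(server, query, timeout=3.0):
    """Send the query over 53/tcp; return 'ok', 'timeout', 'refused' or 'error'."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(frame_for_tcp(query))
            return "ok" if len(s.recv(2)) == 2 else "error"
    except socket.timeout:
        return "timeout"   # typical of a firewall silently dropping 53/tcp
    except ConnectionRefusedError:
        return "refused"   # reset from the server or a device in the path
    except OSError:
        return "error"

def diagnose(udp_reply, tcp_outcome=None):
    """Classify a lookup from the UDP reply and the result of the TCP retry."""
    if not parse_header(udp_reply)["tc"]:
        return "complete-over-udp"
    if tcp_outcome is None:
        return "needs-tcp-retry"
    if tcp_outcome == "ok":
        return "complete-over-tcp"
    return "truncated-and-tcp-failed"

# Constructed sample: a reply header with QR, TC, RD and RA set, no records.
QUERY = build_query("example.com")
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
```

A `truncated-and-tcp-failed` result for names that resolve fine when the answer is small is the signature of 53/tcp being filtered somewhere in the path.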