using TCP53 for DNS

• Previous message (by thread): using TCP53 for DNS
• Next message (by thread): using TCP53 for DNS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Christopher L. Morrow:

> its a both directions thing. Some folks dropped tcp/53 TO their AUTH
> servers to protect against AXFR's from folks not their normal secondaries.

Ugh.  And they didn't think something like "permit tcp any any eq 53
established" was necessary?

>> Hopefully not.  Resolvers MUST be able to make TCP connections to
>> other name servers.
>
> It seems that what might be more common is resolver code not handling the
> truncate request properly :(

Caching resolvers or stub resolvers?  Caching resolvers would be quite
surprising, but you never know.

Certainly, there are some applications which cannot cope with large RR
sets (qmail comes to my mind).

• Previous message (by thread): using TCP53 for DNS
• Next message (by thread): using TCP53 for DNS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]