using TCP53 for DNS

Christopher L. Morrow christopher.morrow at mci.com
Tue Apr 26 21:13:27 UTC 2005


On Tue, 26 Apr 2005, Florian Weimer wrote:

> * Christopher L. Morrow:
>
> > It's a both directions thing. Some folks dropped tcp/53 TO their AUTH
> > servers to protect against AXFRs from folks not their normal secondaries.
>
> Ugh.  And they didn't think something like "permit tcp any any eq 53
> established" was necessary?
>

that only helps for outbound from the server :( not: "Hey, this response
is going to be too big, come back on TCP!" :(

> >> Hopefully not.  Resolvers MUST be able to make TCP connections to
> >> other name servers.
> >
> > It seems that what might be more common is resolver code not handling the
> > truncate request properly :(
>
> Caching resolvers or stub resolvers?  Caching resolvers would be quite
> surprising, but you never know.

I've seen Windows DNS servers misbehave in this way as well as some
firewalls performing DNS cache/proxy for clients internal to
enterprises... (the MS boxen doing it were cache servers, of course)

>
> Certainly, there are some applications which cannot cope with large RR
> sets (qmail comes to my mind).
>

oh, that has to suck for email delivery, eh? :(



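The TC-bit fallback discussed above (the server marks its UDP answer truncated and the *client* must then open a fresh TCP/53 connection, which an "established"-only permit on the server side never lets through), worked through as an added example that is not from the original thread. It is a constructed, offline simulation: a fake authoritative server that applies the classic 512-byte UDP limit (no EDNS0), a resolver that honors TC and retries over TCP with the 2-byte length framing, a resolver that ignores TC (the broken behaviour mentioned above), and a server whose inbound TCP/53 is filtered. Record data uses addresses from 192.0.2.0/24 (documentation range), and the answer parser assumes the server's own name-compression layout (a 2-byte pointer to the question name), which is true for this fake server but not for arbitrary real responses.

```python
import random
import struct
from typing import List, Optional

UDP_MAX = 512  # classic DNS/UDP payload limit when EDNS0 is not negotiated (assumption: no EDNS0)


def build_query(name: str, qtype: int = 1, qid: Optional[int] = None) -> bytes:
    """Build a minimal DNS query (RD=1, one question, no OPT record)."""
    qid = random.randrange(0, 0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def is_truncated(msg: bytes) -> bool:
    """TC is bit 9 of the flags word: the server could not fit the answer in UDP."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & 0x0200)


def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> bytes:
    n = struct.unpack("!H", stream[:2])[0]
    return stream[2:2 + n]


def make_response(query: bytes, addrs: List[str], max_size: Optional[int]) -> bytes:
    """Answer with one A record per address; if max_size is set, keep whole RRs that fit and set TC."""
    qid, question = query[:2], query[12:]
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in a.split("."))
           for a in addrs]  # 0xC00C = compression pointer to the question name at offset 12
    body, count, tc = b"", 0, 0
    for rr in rrs:
        if max_size is not None and 12 + len(question) + len(body) + len(rr) > max_size:
            tc = 0x0200
            break
        body += rr
        count += 1
    flags = 0x8180 | tc  # QR=1, RD=1, RA=1, plus TC when truncated
    return qid + struct.pack("!HHHHH", flags, 1, count, 0, 0) + question + body


def parse_a_records(msg: bytes) -> List[str]:
    """Extract A rdata; assumes every answer name is the 2-byte pointer our fake server emits."""
    ancount = struct.unpack("!H", msg[6:8])[0]
    i = 12
    while msg[i] != 0:          # skip the question name
        i += msg[i] + 1
    i += 1 + 4                  # terminating zero, qtype, qclass
    out = []
    for _ in range(ancount):
        i += 2                  # compression pointer
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            out.append(".".join(str(b) for b in msg[i:i + 4]))
        i += rdlen
    return out


class FakeAuthServer:
    """Constructed stand-in for an authoritative server behind a packet filter."""

    def __init__(self, addrs: List[str], allow_inbound_tcp: bool = True):
        self.addrs = addrs
        self.allow_inbound_tcp = allow_inbound_tcp

    def udp(self, query: bytes) -> bytes:
        return make_response(query, self.addrs, UDP_MAX)

    def tcp(self, framed_query: bytes) -> Optional[bytes]:
        # A filter that only permits "tcp ... eq 53 established" drops the client's SYN,
        # so the retry never reaches the server; None models that dropped connection.
        if not self.allow_inbound_tcp:
            return None
        return frame_tcp(make_response(unframe_tcp(framed_query), self.addrs, None))


def resolve(query: bytes, server: FakeAuthServer, honor_tc: bool = True) -> List[str]:
    """Query over UDP; on TC, retry the same query over TCP (a resolver MUST be able to)."""
    resp = server.udp(query)
    if honor_tc and is_truncated(resp):
        framed = server.tcp(frame_tcp(query))
        if framed is None:
            raise ConnectionError("inbound tcp/53 to the auth server is filtered; full answer unreachable")
        resp = unframe_tcp(framed)
    return parse_a_records(resp)


# Constructed RRset: 40 A records (669-byte response) for a name that overflows 512 bytes.
ADDRS = ["192.0.2.%d" % i for i in range(1, 41)]

if __name__ == "__main__":
    ok = FakeAuthServer(ADDRS)
    q = build_query("example.com")
    print("UDP truncated:", is_truncated(ok.udp(q)))
    print("TC honored   :", len(resolve(q, ok)), "records")
    print("TC ignored   :", len(resolve(q, ok, honor_tc=False)), "records (silently partial)")
    try:
        resolve(q, FakeAuthServer(ADDRS, allow_inbound_tcp=False))
    except ConnectionError as e:
        print("TCP filtered :", e)
```

The "TC ignored" path is the quiet failure mode: the resolver returns a subset of the RRset with no error, which is exactly what a client that does not retry on truncation, or one behind a firewall that drops its TCP/53 SYN, will hand to applications.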