large organization nameservers sending icmp packets to dns servers.
John Kristoff
jtk at ultradns.net
Sat Aug 11 02:55:16 UTC 2007
On Fri, 10 Aug 2007 16:11:04 -0700
Douglas Otis <dotis at mail-abuse.org> wrote:
> TCP offers a means to escape UDP related issues. On the other hand,
> blocking TCP may offer the necessary motivation for having these UDP
> issues fixed. After all, only UDP should be required. When TCP is
> designed to readily fail, reliance upon TCP seems questionable. As
> DNSSEC is introduced, TCP could be relied upon in the growing number
> of instances where UDP is improperly handled.
As a datapoint I ran some tests against a reasonably diverse and
sizeable TLD zone I work with in another forum. I queried the name
servers listed in the parent to see if I could successfully query
them for their corresponding domain name they are configured for
using TCP. Out of about 9,300 unique name servers I failed to
receive any answer from about 1700 of them. That is a bit more
than an 18% failure rate.
John
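
A sketch of the kind of per-server TCP check described in the message above, added here as an example; it is not the script used for the test and is not part of the original post. The function names, the NS query type and the 5-second timeout are assumptions. The two-byte length prefix is the DNS-over-TCP framing from RFC 1035.

```python
import socket
import struct

def build_query(name, qtype=2, txid=0x1234):
    """Build a DNS query (qtype 2 = NS, class IN) with the RD bit clear."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Prefix the message with its length as a 16-bit big-endian integer."""
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return buf

def exchange(sock, name, txid=0x1234):
    """Send one framed query on a connected socket and return the RCODE."""
    sock.sendall(frame(build_query(name, txid=txid)))
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    resp = recv_exact(sock, length)
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    return flags & 0x000F

def probe(server, name, timeout=5.0):
    """Classify one name server: ('answered', rcode) or ('failed', reason)."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.settimeout(timeout)
            return "answered", exchange(s, name)
    except (OSError, ValueError, struct.error) as exc:
        # Refused, filtered (timeout), reset, short or mismatched reply.
        return "failed", type(exc).__name__
```

Counting the `"failed"` results from `probe()` over the name servers listed in the parent zone gives the kind of failure rate quoted in the message; the reason string separates refused connections from timeouts, which usually point to filtering.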