maybe a dumb idea on how to fix the dns problems i don't know....
jabley at ca.afilias.info
Sun Aug 10 10:23:19 CDT 2008
On 10 Aug 2008, at 01:45, Paul Vixie wrote:
> SYN flooding is a specific instance of "have to hold too much state";
> the reason for not considering TCP mandatory is the general form of
> "have to hold too much state".
It may be worth clarifying that "not considering TCP mandatory" above
is an implementation/operational choice, and not something that seems
to be clearly endorsed by RFC 1035, such as it is.
There are a lot of people who insist that TCP transport is used for
nothing other than zone transfers in the DNS, and they do so not out
of concern over potential TCP state explosion on their servers but
instead because "that's what the last guy told me". That kind of
reasoning doesn't need a bigger posse.
The DNS assumes that messages will be transmitted as datagrams or in a
byte stream carried by a virtual circuit. While virtual circuits can be
used for any DNS activity, datagrams are preferred for queries due to
their lower overhead and better performance. Zone refresh activities
must use virtual circuits because of the need for reliable transfer.
The Internet supports name server access using TCP [RFC-793] on server
port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
port 53 (decimal).
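The RFC 1035 text quoted above is the whole point of the thread: the same DNS message can travel as a UDP datagram or inside a TCP byte stream, and a server that only honours TCP for zone transfers is making an operational choice, not following the specification. The following is an added example, not code from the original post, from Joe Abley, or from RFC 1035 itself. It builds a standard query, shows the two-octet length prefix that RFC 1035 section 4.2.2 requires for TCP framing, and implements the truncation (TC) check that tells a resolver when to retry a query over TCP. The response bytes are constructed here for the demonstration, so nothing touches the network.

```python
"""
Added example (not part of the original NANOG post or of RFC 1035):
the same DNS message as a UDP datagram and as a TCP-framed message
(2-octet length prefix, RFC 1035 4.2.2), plus the TC-bit check a
resolver uses to decide when to retry over TCP (RFC 1035 4.2.1).
Sample response bytes below are constructed; no network access needed.
"""
import struct


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero octet (RFC 1035 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: int = 1, qid: int = 0x1234) -> bytes:
    """Build a standard query (QR=0, RD=1) with one question; QTYPE 1 = A, QCLASS 1 = IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def frame_for_tcp(message: bytes) -> bytes:
    """RFC 1035 4.2.2: over TCP every message is prefixed with a two-octet length field."""
    if len(message) > 0xFFFF:
        raise ValueError("message too large for a 16-bit length prefix")
    return struct.pack("!H", len(message)) + message


def unframe_from_tcp(stream: bytes) -> list:
    """Split a TCP byte stream back into individual DNS messages using the length prefix."""
    messages = []
    pos = 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        pos += 2
        if pos + length > len(stream):
            raise ValueError("message body shorter than its length prefix")
        messages.append(stream[pos:pos + length])
        pos += length
    return messages


def parse_header(message: bytes) -> dict:
    """Decode the 12-octet header (RFC 1035 4.1.1) into flag bits and section counts."""
    if len(message) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": qid,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response: bytes, expected_id: int) -> bool:
    """A resolver retries over TCP when the UDP answer carries TC=1 (RFC 1035 4.2.1)."""
    h = parse_header(udp_response)
    if h["id"] != expected_id or h["qr"] != 1:
        raise ValueError("response does not match the outstanding query")
    return h["tc"] == 1


# Constructed sample: a truncated UDP response to query id 0x1234.
# Flags 0x8380 = QR|TC|RD|RA, counts 1/0/0/0, question section echoed back.
SAMPLE_TRUNCATED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
)

# Constructed sample: the same response without TC (flags 0x8180 = QR|RD|RA).
SAMPLE_COMPLETE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("UDP query bytes:", q.hex())
    print("TCP framed     :", frame_for_tcp(q).hex())
    print("retry over TCP :", needs_tcp_retry(SAMPLE_TRUNCATED_RESPONSE, 0x1234))
```

The only difference between the two transports is the length prefix, which is why a server that answers ordinary queries over UDP has no protocol reason to refuse the same query over TCP; the framing and truncation logic here is what a resolver relies on when a large answer does not fit in a datagram.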