maybe a dumb idea on how to fix the dns problems i don't know....

Joe Abley jabley at
Sun Aug 10 10:23:19 CDT 2008

On 10 Aug 2008, at 01:45, Paul Vixie wrote:

> SYN flooding is a specific instance of "have to hold too much state"  
> whereas
> the reason for not considering TCP mandatory is the general form of  
> "have to
> hold too much state".

It may be worth clarifying that "not considering TCP mandatory" above  
is an implementation/operational choice, and not something that seems  
to be clearly endorsed by RFC 1035, such as it is.

There are a lot of people who insist that TCP transport is used for  
nothing other than zone transfers in the DNS, and they do so not out  
of concern over potential TCP state explosion on their servers but  
instead because "that's what the last guy told me". That kind of  
reasoning doesn't need a bigger posse.


4.2. Transport

The DNS assumes that messages will be transmitted as datagrams or in a
byte stream carried by a virtual circuit.  While virtual circuits can be
used for any DNS activity, datagrams are preferred for queries due to
their lower overhead and better performance.  Zone refresh activities
must use virtual circuits because of the need for reliable transfer.

The Internet supports name server access using TCP [RFC-793] on server
port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
port 53 (decimal).

More information about the NANOG mailing list