DNS and TCP
Bill Manning
bmanning at ISI.EDU
Wed Oct 2 17:48:00 UTC 2002
% I would like to provide them an example of where their blocking DNS
% services using TCP may cause problems. Specific possibilities that I
% can imagine would include:
%
% Large numbers of glue records (lots of NS records for the zone)
% Large numbers of answers (multiple records, maybe MX records?)
% Large answers (a large TXT record)
%
% Bill Larson (wllarso at swcp.com)
signed zones.
some SRV & NAPTR replies.
things with CERTs.
More interestingly, folks w/ EDNS0 capable systems will
generate replies that trigger UDP fragmentation. The
claim is that things like PIX will drop fragemented UDP
datagrams. Is this true? Will other firewall/IDS systems
do the same?
--bill
More information about the bind-users
mailing list