The old chestnut - is TCP necessary?
Simon Hobson
shobson0309 at colony.com
Fri Sep 17 07:26:22 UTC 2004
At 1:31 pm -0700 16/9/04, Roy S. Rapoport wrote:
>> I have a friend 8^) who wants to allow TCP DNS through the firewall. The
>> firewall people are not keen to do this. Telling them that "the
>> firewall is broken" unfortunately does not sway them. My friend needs
>> examples of real Internet domain lookups that truncate and require TCP.
>> Does anybody out there know of any?
>
>Why does it matter what other people have? Does your friend have a need for
>TCP DNS? If so, he should be able to demonstrate the need based on his own
>requirements, rather than someone else's requirements.

I'd have thought that if the spec states that TCP is required, then
TCP should be allowed. What is going on here is that the firewall
people are saying that real-world DNS queries don't use TCP and so
they won't allow it even though it breaks the specs.

What the OP is asking for is some examples he can use to show that
TCP really is used in real life, presumably because the argument "the
specs require it and if we don't do it then sooner or later we'll
have a strange and hard to diagnose DNS problem" hasn't persuaded
them.

I'd have thought that the 'need' for TCP is obvious - the spec says
it can be used anytime a query result won't fit in a UDP packet. That
for me is sufficient justification for allowing it, simply because we
can't tell, in advance, what size the results will be to EVERY query
we ever make in the future. Personally, I have enough headaches
without adding something like that to try and diagnose!

Simon
--
NOTE: This is a throw-away email address which will reach me for as
long as it stays spam-free, remove date for real address.
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
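
Added example, not part of the original post and not BIND code: a self-contained Python model of the behaviour under discussion, where a response that does not fit in a UDP message comes back with the TC (truncated) bit set and the client has to retry over TCP. The name `example.test`, the TXT payloads and all helper functions are constructed for illustration, and the 512-byte limit assumes no EDNS0.

```python
import struct

UDP_LIMIT = 512  # RFC 1035 size limit for a DNS message over UDP (no EDNS0)
TC_BIT = 0x0200  # "truncated" flag in the 16-bit header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_response(name, txt_records, txid=0x1234):
    """Build a complete response carrying the given TXT strings (each <= 255 bytes)."""
    question = encode_name(name) + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN
    answers = b""
    for txt in txt_records:
        rdata = bytes([len(txt)]) + txt
        # 0xC00C is a compression pointer to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 16, 1, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_records), 0, 0)
    return header + question + answers

def udp_reply(full):
    """Server side over UDP: full message if it fits, else header+question with TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    txid, flags = struct.unpack("!HH", full[:4])
    qend = full.index(b"\x00", 12) + 5  # end of QNAME, then QTYPE and QCLASS
    return struct.pack("!HHHHHH", txid, flags | TC_BIT, 1, 0, 0, 0) + full[12:qend]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length field."""
    return struct.pack("!H", len(msg)) + msg

def resolve(name, txt_records):
    """Client side: try UDP, retry over TCP if TC is set. Returns (transport, answers)."""
    full = build_response(name, txt_records)
    reply = udp_reply(full)
    if not is_truncated(reply):
        return "udp", struct.unpack("!H", reply[6:8])[0]
    framed = tcp_frame(full)  # with TCP/53 blocked, this retry is what never completes
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", struct.unpack("!H", framed[2:2 + length][6:8])[0]

# Constructed sample data, not real lookups
SMALL = [b"v=example small"]
LARGE = [b"k" * 200 for _ in range(4)]
```

Calling `resolve("example.test", LARGE)` takes the TCP path because the full answer is 882 bytes; the same query with `SMALL` is answered over UDP.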