tcp limitations

Simon Waters Simon at wretched.demon.co.uk
Thu Jun 14 09:49:08 UTC 2001


Guy Pazi wrote:
> 
> I don't remember saying the number of queries to be requested by resolvers
> will change, I was asking what number of tcp connections will the SERVER
> support. So how many packets will be sent by Fed-Ex before Fed-Ex will have
> no one who will accept them? or, let's be metaphoric, when will the server
> start to drop (rst?) new requests for tcp connection?

As said privately this will be server OS and hardware
dependent (assuming you've avoided any software limits in
the nameserver).

> One more thing:
> Standards are great things. They have lots of advantages, they enable
> everyone to use the same thing correctly. But, by trying to be standards,
> they are a compromise between everyone's needs.
> When trying to do an internal task, trying to use the standard is good for
> certain reasons, but a proprietary solution might sometimes fit better.
> Sticking to standards at all costs is a bit narrow-minded, as I see it.

As far as I can tell RFC1035 makes it clear that TCP
connections to port 53 should work, so technically you're not
outside the standards, unlike I suspect some nameservers.

"While virtual circuits can be used for any DNS activity,
datagrams are preferred for queries due to their lower
overhead and better performance"

However I'm still intrigued as to what security benefit this
should bring, given that presumably any vulnerabilities in
UDP are equally applicable to the external name server you
forward to.

-- 
Simon Waters
Are you using the Internet to best effect ?
www.eighth-layer.com
Tel: +44(0)1395 232769      ICQ: 116952768
Moderated discussion of teleworking issues at
news:uk.business.telework

