tcp/udp, clarification please

Michael Kjorling michael at kjorling.com
Wed Oct 10 17:51:02 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wrong. Any sane DNS implementation will first try using UDP, and (in
case the response is truncated) MAY retry the query using TCP. I
believe the RFCs say MAY and not MUST. Can't remember in what RFC the
meaning of these words was codified, but it is there somewhere.

Zone transfers always work over TCP, though. There may be other parts
of DNS which use TCP by default, and as someone (was it Kevin?)
pointed out a while back some ancient platforms don't have UDP in
their IP stack so they are stuck with TCP.

I can't believe so many people want to "secure" their DNS servers by
only allowing UDP... it causes major trouble and at the _very_ least
serious delays if the response is too big to fit into a single UDP
packet and TCP is blocked.


Michael Kjörling


On Oct 10 2001 17:40 +0100, arvid at carlander.ac wrote:

> Eoin,
>
> TCP is used normally and UDP is used if TCP fails, so disallowing TCP at
> your firewall would cause delays and retransmissions.
>
> -Arvid

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e   \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4

"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE7xIqLKqN7/Ypw4z4RAqD6AKDXdamWeosS53qlc5JaiLryXWMZ7QCg+RlG
7zpHIfRLNiCuMDxt4orUnE4=
=CcU5
-----END PGP SIGNATURE-----
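The UDP-first, TCP-on-truncation behaviour that the message above describes, as an added example that is not part of the original post or of BIND. It builds a DNS query in RFC 1035 wire format, checks the TC flag in the UDP reply, and only then repeats the query over TCP (where each message is prefixed by a two-byte length). Zone transfers (AXFR) go straight to TCP. The transports are passed in as callables so the script runs offline: `_fake_server` is a constructed stand-in for a resolver that does or does not truncate its UDP answer, not a real server.

```python
"""Minimal DNS UDP-first / TCP-fallback demonstration (added example).

Transports are injected so the code runs offline against a constructed
responder; swap in real socket calls to talk to an actual server.
"""
import struct

QTYPE_A = 1
QTYPE_AXFR = 252
FLAG_QR = 0x8000   # response
FLAG_TC = 0x0200   # truncated: answer did not fit in the UDP reply
FLAG_RD = 0x0100   # recursion desired


def encode_name(name):
    """Encode 'www.example.com' as DNS labels (RFC 1035 wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype):
    """12-byte header (qdcount=1) followed by a single IN-class question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Return (txid, flags, qdcount, ancount) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return txid, flags, qd, an


def is_truncated(msg):
    """True when the responder set TC, i.e. the client must retry over TCP."""
    return bool(parse_header(msg)[1] & FLAG_TC)


def frame_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(data):
    """Strip the length prefix and check the payload is complete."""
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:2 + length]
    if len(body) != length:
        raise ValueError("incomplete TCP DNS message")
    return body


def resolve(name, qtype, udp_send, tcp_send, txid=0x1234):
    """Query over UDP first; use TCP for AXFR or when the UDP reply has TC set.

    udp_send(datagram) -> datagram; tcp_send(framed) -> framed.
    Returns (response_bytes, transport_used).
    """
    query = build_query(txid, name, qtype)
    if qtype == QTYPE_AXFR:
        # Zone transfers are done over TCP; no point trying UDP.
        return unframe_tcp(tcp_send(frame_tcp(query))), "tcp"
    reply = udp_send(query)
    rtxid, flags, _qd, _an = parse_header(reply)
    if rtxid != txid or not flags & FLAG_QR:
        raise ValueError("reply does not match query")
    if not is_truncated(reply):
        return reply, "udp"
    # Truncated: the full answer is only available over TCP. With TCP/53
    # blocked at a firewall this is the step that stalls or fails.
    return unframe_tcp(tcp_send(frame_tcp(query))), "tcp"


def _fake_server(truncate_udp):
    """Constructed responder for the offline demo (hypothetical, not real)."""
    def make_reply(query, tc):
        txid, _f, qd, _an = parse_header(query)
        flags = FLAG_QR | FLAG_RD | (FLAG_TC if tc else 0)
        # Header plus echoed question; a real server would append answer RRs.
        return struct.pack("!HHHHHH", txid, flags, qd, 0, 0, 0) + query[12:]

    def udp_send(datagram):
        return make_reply(datagram, truncate_udp)

    def tcp_send(framed):
        return frame_tcp(make_reply(unframe_tcp(framed), False))

    return udp_send, tcp_send


if __name__ == "__main__":
    for tc in (False, True):
        udp, tcp = _fake_server(truncate_udp=tc)
        _reply, used = resolve("www.example.com", QTYPE_A, udp, tcp)
        print("UDP reply truncated=%s -> answered over %s" % (tc, used))
```

Running it prints one line per case: a non-truncated UDP reply is accepted as-is, a TC reply triggers the TCP retry. To see the firewall problem the message complains about, replace `tcp_send` with a function that raises: every query whose answer exceeds the UDP reply size then fails instead of completing.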
More information about the bind-users mailing list