The old chestnut - is TCP necessary?

Simon Hobson shobson0309 at colony.com
Fri Sep 17 07:26:22 UTC 2004


At 1:31 pm -0700 16/9/04, Roy S. Rapoport wrote:

>>  I have a friend 8^) who wants to allow TCP DNS through the firewall. The
>>  firewall people are not keen to do this.  Telling them that "the
>>  firewall is broken" unfortunately does not sway them.  My friend needs
>>  examples of real Internet domain lookups that truncate and require TCP.
>>  Does anybody out there know of any?
>
>Why does it matter what other people have? Does your friend have a need for
>TCP DNS? If so, he should be able to demonstrate the need based on his own
>requirements, rather than someone else's requirements.

I'd have thought that if the spec states that TCP is required, then 
TCP should be allowed. What is going on here is that the firewall 
people are saying that real-world DNS queries don't use TCP and so 
they won't allow it even though it breaks the specs.

What the OP is asking for is some examples he can use to show that 
TCP really is used in real life, presumably because the argument "the 
specs require it and if we don't do it then sooner or later we'll 
have a strange and hard to diagnose DNS problem" hasn't persuaded 
them.

I'd have thought that the 'need' for TCP is obvious - the spec says 
it can be used anytime a query result won't fit in a UDP packet. That 
for me is sufficient justification for allowing it, simply because we 
can't tell, in advance, what size the results will be to EVERY query 
we ever make in the future. Personally, I have enough headaches 
without adding something like that to try and diagnose!

Simon

-- 

NOTE: This is a throw-away email address which will reach me for as 
long as it stays spam-free, remove date for real address.

Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
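The fallback Simon describes, as an added illustration that is not part of the post: a minimal stub resolver that queries over UDP, checks the TC (truncated) bit in the response header, and repeats the query over TCP with the 2-byte length prefix TCP DNS requires. The server address, query name and query type are assumptions; the truncated response at the bottom is constructed.

```python
import socket
import struct

def build_query(name, qtype=255, qid=0x1234):
    """Minimal DNS query (class IN, RD set); qtype 255 = ANY, chosen as a type that often truncates."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode() for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the TC bit (0x0200 in the flags word at offset 2) is set."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & 0x0200)

def tcp_frame(message):
    """Over TCP every DNS message is prefixed with its length as a 16-bit big-endian integer."""
    return struct.pack("!H", len(message)) + message

def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the TCP connection early")
        data += chunk
    return data

def resolve(name, server="192.0.2.53", qtype=255, timeout=3.0):
    """Query over UDP first; if the answer came back truncated, retry over TCP."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        response, _ = udp.recvfrom(4096)
    if not is_truncated(response):
        return response, "udp"
    # A firewall that drops TCP/53 makes this step time out, which is the
    # "strange and hard to diagnose" failure the post warns about.
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(tcp_frame(query))
        length = struct.unpack("!H", _recv_exact(tcp, 2))[0]
        return _recv_exact(tcp, length), "tcp"

# Constructed sample: a reply to build_query("example.com") with QR=1, TC=1, RD=1 (flags 0x8300).
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + build_query("example.com")[12:]
```

The address 192.0.2.53 is a documentation-range placeholder; point `resolve()` at a real resolver to observe which lookups actually come back with TC set.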
