BIND and TCP
Barry Margolin
barmar at alum.mit.edu
Sat Sep 24 15:47:28 UTC 2005

In article <dh24bc$222r$1 at sf1.isc.org>,
"Michael Bernhardt" <MBernha at bart.gov> wrote:
> I understand that BIND will use TCP for queries when the packet size of 512
> is insufficient (if that's not correct, please educate me). I also am to
> understand the RFC supposedly requires that DNS use TCP in these
> circumstances. But we do not want to be bothered with everyone and their
> bored brothers being able to do any more than absolutely necessary.

Every now and then, Network Solutions configures something in the
NSxx.WORLDNIC.COM servers where they automatically respond to queries
with a Truncated response, even though the data would not actually be
bigger than 512 bytes. They do this until the client performs a TCP
query, and then they act normally for that client. I think it's some
kind of anti-DoS mechanism or intrusion protection thing on the
firewalls in front of the servers.

Until recently the DNS proxy that my company provides didn't support
failing over to TCP, and every few months when Network Solutions enabled
this it would cause all our customers to have problems resolving the
domains that Network Solutions hosts.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
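
Added example (not part of the original post and not BIND code): a minimal Python sketch of the failover to TCP that the post describes, checking the TC bit in a UDP reply and repeating the query over TCP with the 2-byte length prefix. The TruncateFirstServer class and every function name here are hypothetical, constructed to mimic the truncate-until-TCP behaviour reported above; real code would put sockets behind the two exchange callables.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word, RFC 1035

def build_query(qid, name, qtype=1):
    """Encode a one-question DNS query (class IN, RD set)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(data):
    (length,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]

def resolve(query, udp_exchange, tcp_exchange):
    """Try UDP; on a TC reply, repeat the same query over TCP."""
    reply, transport = udp_exchange(query), "udp"
    if is_truncated(reply):
        reply, transport = tcp_unframe(tcp_exchange(tcp_frame(query))), "tcp"
    if reply[:2] != query[:2]:
        raise ValueError("response ID does not match query ID")
    return reply, transport

class TruncateFirstServer:
    """Constructed stand-in: answers TC over UDP until it has seen a TCP query."""
    def __init__(self):
        self.seen_tcp = False
    def _reply(self, query, flags):
        return query[:2] + struct.pack("!H", flags) + query[4:]
    def udp(self, query):
        return self._reply(query, 0x8100 if self.seen_tcp else 0x8100 | TC_FLAG)
    def tcp(self, framed):
        self.seen_tcp = True
        return tcp_frame(self._reply(tcp_unframe(framed), 0x8100))

def demo():
    server, query = TruncateFirstServer(), build_query(0x1234, "example.com")
    return [resolve(query, server.udp, server.tcp)[1] for _ in range(2)]

if __name__ == "__main__":
    print(demo())
```

A client that stops at the UDP reply never gets past the truncated answer from such a server, which is the failure the post reports for a proxy without TCP failover.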