tcp versus udp

Danny Mayer mayer at gis.net
Wed May 6 04:00:12 UTC 2009


Peter Dambier wrote:
> Hello Martin,
> 
> since a major outage at my provider, dtag.de or Deutsche Telekom AG, I have trouble
> with f.root-servers.net. Sometimes "dig ... +vc" does help me to see f.root-servers.net.
> 
> The real problem is anycast. With udp it behaves differently than with tcp.

That's nonsense. Anycast is invisible to this. Anycast doesn't care if
it's udp or tcp, it only deals with the routing tables to determine
where to send the request packet.

> 
> When querying servers that are difficult to reach, sometimes you are more lucky with
> tcp than with udp.

Only if they are misconfigured.

> 
> Amplification attacks using nameservers don't work with tcp.
> 
> Sometimes bugs in resolvers, sometimes in clients, cause failover to tcp.
> 
> With DNSSEC tcp is almost a must. Same with IPv6.
> 

This is also untrue. DNSSEC has EDNS0 as a prerequisite and IPv6 fits
into any EDNS0 packet unless there's too much even for the larger
EDNS0 packets. TCP is only required if the answer doesn't fit in the
packet. There are lots of firewalls, etc. that do not handle EDNS0 but
that is a different question.

Danny
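
Added example, not part of the original post and not BIND code: a small model of the size rule discussed above, where a query advertises its UDP limit through the EDNS0 OPT record and TCP is needed only when the answer exceeds that limit (signalled by the TC bit). The function names, the example.com query and the answer sizes are constructed for illustration.

```python
import struct

TC_BIT, OPT_TYPE, CLASSIC_LIMIT = 0x0200, 41, 512

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, udp_size=None, do_bit=False, qid=0x1234):
    """DNS query; udp_size=None means no EDNS0 OPT record is attached."""
    arcount = 0 if udp_size is None else 1
    msg = struct.pack("!6H", qid, 0x0100, 1, 0, 0, arcount)   # RD set, one question
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)    # class IN
    if udp_size is not None:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode | version | flags (DO is the top flag bit), RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0x8000 if do_bit else 0, 0)
    return msg

def udp_limit(query):
    """Largest UDP answer the query permits: 512 without EDNS0, else the OPT CLASS field."""
    qdcount, _, _, arcount = struct.unpack("!4H", query[4:12])
    pos = 12
    for _ in range(qdcount):
        while query[pos]:               # skip uncompressed labels
            pos += query[pos] + 1
        pos += 5                        # root byte + QTYPE + QCLASS
    # Queries built above have no answer/authority records, so OPT follows directly.
    if arcount and query[pos] == 0:
        rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT_TYPE:
            return max(size, CLASSIC_LIMIT)   # advertised sizes below 512 count as 512
    return CLASSIC_LIMIT

def transport_for(query, answer_len):
    """'udp' when the answer fits the advertised limit, else 'tcp' (server sets TC)."""
    return "udp" if answer_len <= udp_limit(query) else "tcp"

def is_truncated(response):
    """True when the TC bit is set in the header of a UDP response."""
    if len(response) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

if __name__ == "__main__":
    plain = build_query("example.com", 48)                          # DNSKEY, no EDNS0
    edns = build_query("example.com", 48, udp_size=4096, do_bit=True)
    for size in (400, 1200, 5000):                                  # constructed answer sizes
        print(size, transport_for(plain, size), transport_for(edns, size))
```

A middlebox that strips or drops the OPT record leaves the exchange on the 512-byte limit, which is the firewall case mentioned at the end of the reply.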





More information about the bind-users mailing list