managed-keys update when outgoing UDP is blocked

Tony Finch dot at dotat.at
Tue Feb 25 16:24:22 UTC 2020


Branko Mijuskovic <branko.mijuskovic.hiag at gmail.com> wrote:
>
> But I'm curious, do you know whether BIND fails over to TCP if UDP times
> out during DNSKEY fetching?

Dunno. I have blocked both UDP and TCP on my hidden primary, and it is
refreshing its trust anchors via my recursive servers OK, so it is not
something I have had to worry about.

In general, port 53 should work for both UDP and TCP, or neither. If it's
half-blocked you'll get weird problems, and the solution is to fix the
network.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Fitzroy, Sole, Lundy, Fastnet: Northwesterly 4 or 5 in southwest Fitzroy,
otherwise 7 to severe gale 9, backing westerly 5 or 6 later. Very rough or
high, becoming rough or very rough later in Lundy and Fastnet. Squally wintry
showers. Good, occasionally poor.
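
An added example, not part of the original message: a standard-library check of whether port 53 on a resolver answers over both UDP and TCP, or is half-blocked as described above. The server address is a placeholder and the function names are hypothetical; IPv4 is assumed.

```python
import socket
import struct

def build_query(name, qtype, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, class IN, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read")
        buf += chunk
    return buf

def probe_udp(server, query, port=53, timeout=3.0):
    """True if any reply with the same transaction ID arrives (a truncated one counts)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            reply, _ = s.recvfrom(4096)
            return reply[:2] == query[:2]
    except OSError:  # timeouts and ICMP errors both land here
        return False

def probe_tcp(server, query, port=53, timeout=3.0):
    """Same check over TCP, where each message carries a 2-byte length prefix."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return _recv_exact(s, length)[:2] == query[:2]
    except OSError:
        return False

def classify(udp_ok, tcp_ok):
    if udp_ok == tcp_ok:
        return "ok: both transports work" if udp_ok else "blocked: neither transport works"
    return "half-blocked: only %s works" % ("UDP" if udp_ok else "TCP")

if __name__ == "__main__":
    SERVER = "192.0.2.53"        # placeholder: replace with your recursive server
    q = build_query(".", 48)     # type 48 = DNSKEY, asked for the root zone
    print(classify(probe_udp(SERVER, q), probe_tcp(SERVER, q)))
```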

