nanog mailing list archives

Re: DNS problems to RoadRunner - tcp vs udp


From: Jeroen Massar <jeroen () unfix org>
Date: Sat, 14 Jun 2008 22:47:47 +0200

Scott McGrath wrote:
[..]
For a long time there has been an effective practice of

UDP == resolution requests
TCP == zone transfers

WRONG. TCP is there as a fallback when the answer of the question is too large. Zone transfer you can limit in your software. If you can't configure your dns servers properly then don't run DNS.
Also note that botnets have much more effective ways of taking you out.

And sometimes domains actually require TCP because there are too many records for a label, e.g. http://stupid.domain.name/node/651 If you are thus blocking TCP for DNS resolution you suddenly were blocking Google and thus for some people "The Internet".

Also see:
http://homepages.tesco.net/J.deBoynePollard/FGA/dns-edns0-and-firewalls.html

(Which was the second hit for google(EDNS0) after a link to RFC2671)

Greets,
 Jeroen


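The fallback Jeroen describes (UDP first; when the server sets the TC bit because the answer did not fit, repeat the question over TCP) as an added Python example, not part of the original thread or anyone's posted code. It builds the query on the wire, optionally with an EDNS0 OPT record advertising a larger UDP payload size (RFC 2671, the RFC he mentions), parses the reply header, and re-sends over TCP with the 2-byte length prefix RFC 1035 requires. The server replies are constructed stand-ins handed back by stub functions, not captured traffic; `example.com` and `192.0.2.1` are placeholder values.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        encoded = label.encode("ascii")
        if len(encoded) > 63:
            raise ValueError("label too long")
        out += bytes([len(encoded)]) + encoded
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234, edns_udp_size=None):
    """Build a standard query (RD=1). If edns_udp_size is given, append an
    EDNS0 OPT pseudo-RR in the additional section advertising that UDP
    payload size, so larger answers can still arrive over UDP."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
        # TTL field = extended RCODE/version/flags (all zero), RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return header + question + opt

def parse_header(msg):
    """Return the fields a client needs from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),   # TrunCation: answer did not fit
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def tcp_frame(msg):
    """Over TCP every DNS message is prefixed with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def resolve_with_fallback(query, send_udp, send_tcp):
    """Send over UDP; if the reply has TC set, repeat the question over TCP.
    send_udp/send_tcp are callables taking wire bytes and returning the
    reply (the TCP reply without its length prefix). Returns (reply, transport)."""
    reply = send_udp(query)
    hdr = parse_header(reply)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("transaction id mismatch")
    if not hdr["tc"]:
        return reply, "udp"
    # This second step is what a firewall blocking 53/tcp silently breaks.
    return send_tcp(tcp_frame(query)), "tcp"

# --- constructed sample traffic (not real captures) ---
QUERY = build_query("example.com", qtype=1, txid=0x1234)
QUESTION = QUERY[12:]
# Reply with QR, TC, RD, RA set and no answer records: "ask again over TCP".
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
# Same question answered in full over TCP: one A record, name compressed to offset 12.
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + A_RR

def fake_udp(wire):
    return TRUNCATED_REPLY

def fake_tcp(framed):
    # Check the client added a correct length prefix, then return the full answer.
    length = struct.unpack("!H", framed[:2])[0]
    if len(framed) - 2 != length:
        raise ValueError("bad TCP length prefix")
    return FULL_REPLY

def demo():
    reply, transport = resolve_with_fallback(QUERY, fake_udp, fake_tcp)
    return transport, parse_header(reply)["ancount"]

if __name__ == "__main__":
    print(demo())  # ('tcp', 1)
```

Swapping the stubs for real sockets (SOCK_DGRAM and SOCK_STREAM to port 53) gives a quick check that a network path passes both halves of the exchange; if the UDP reply comes back with TC set and the TCP leg times out, the filter Jeroen is warning about is in place.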