[dns-operations] The possible problems after May 5th

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 8 06:50:27 UTC 2010

On Thu, Apr 08, 2010 at 10:21:33AM +1000,
 Mark Andrews <marka at isc.org> wrote 
 a message of 36 lines which said:

> If you block DNS over TCP 

In my text, I used things like "Clean TCP path", not "*you* block TCP"
assertions because the ability to perform a request over TCP depend on
several actors (the resolver, the firewall, the authoritative name
server - Akamai still does not allow TCP).

> If you block UDP DNS packets bigger than 512 bytes then DNS lookups
> will be slower than they should be.

This assumes that the resolver retries when replies to EDNS queries
don't come back. BIND does it (after a timeout expired) but what do
other resolvers do?

More information about the dns-operations mailing list