[dns-operations] The possible problems after May 5th
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Apr 8 06:50:27 UTC 2010
On Thu, Apr 08, 2010 at 10:21:33AM +1000, Mark Andrews <marka at isc.org> wrote a message of 36 lines which said:
> If you block DNS over TCP
In my text, I used things like "Clean TCP path", not "*you* block TCP"
assertions because the ability to perform a request over TCP depends on
several actors (the resolver, the firewall, the authoritative name
server - Akamai still does not allow TCP).
> If you block UDP DNS packets bigger than 512 bytes then DNS lookups
> will be slower than they should be.
This assumes that the resolver retries when replies to EDNS queries
don't come back. BIND does it (after a timeout expired) but what do
other resolvers do?
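
The fallback discussed in this message, as an added example that is not part of the original post and is not BIND's code: a query builder with an optional EDNS0 OPT record, plus a model of a resolver stepping from EDNS over UDP to plain UDP to TCP. The retry policy, the `retry_plain` switch and the constructed reply headers are assumptions made for illustration.

```python
import struct

TC = 0x0200  # "truncated" bit in the DNS header flags word

def build_query(name, qtype=1, edns_size=None, qid=0x1234):
    """Wire-format query; edns_size adds an EDNS0 OPT record advertising that UDP size."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)  # RD set
    msg = header + qname + struct.pack("!2H", qtype, 1)  # class IN
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS carries the UDP size, TTL carries DO (0x8000)
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000, 0)
    return msg

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(msg)) + msg

def is_truncated(reply):
    """True when the reply header has TC set, i.e. the client should retry over TCP."""
    return bool(struct.unpack("!H", reply[2:4])[0] & TC)

def fallback(replies, retry_plain=True):
    """Walk the ladder EDNS/UDP -> plain UDP -> TCP.
    replies maps each transport to the bytes received, or None for a timeout.
    retry_plain=False models a resolver that does not retry without EDNS.
    Returns (outcome, transports tried, timeouts waited)."""
    tried, timeouts = [], 0
    step = "edns-udp"
    while step:
        tried.append(step)
        reply = replies.get(step)
        if reply is None:
            timeouts += 1  # each lost reply costs one full timeout
            step = "plain-udp" if step == "edns-udp" and retry_plain else None
        elif is_truncated(reply) and step != "tcp":
            step = "tcp"
        else:
            return "answered", tried, timeouts
    return "failed", tried, timeouts

def header(flags):
    """Constructed 12-byte reply header standing in for a full response."""
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
```
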