[dns-operations] The possible problems after May 5th
Joe Abley
jabley at hopcount.ca
Thu Apr 8 13:12:40 UTC 2010
On 2010-04-08, at 07:57, Mark Andrews wrote:
> In message <20100408065027.GB19402 at nic.fr>, Stephane Bortzmeyer writes:
>> On Thu, Apr 08, 2010 at 10:21:33AM +1000,
>> Mark Andrews <marka at isc.org> wrote
>> a message of 36 lines which said:
>>
>>> If you block DNS over TCP
>>
>> In my text, I used things like "Clean TCP path", not "*you* block TCP"
>> assertions because the ability to perform a request over TCP depend on
>> several actors (the resolver, the firewall, the authoritative name
>> server - Akamai still does not allow TCP).
>
> And unless you have configured them otherwise they will just work.
>
> Recursive nameservers make TCP connections by default on TC.
> Authoritative nameservers accept TCP connections by default.
> Most firewalls allow the outbound TCP connections by default
> if not then you have configured them to be blocked.
Just to be clear, are you talking about your personal experience of the Internet with BIND9, or are you talking about research you have done across a broad slice of Internet users?
Joe
More information about the dns-operations
mailing list