[dns-operations] Storm on the DNS
regnauld at nsrc.org
Thu Dec 17 13:41:53 UTC 2015
Roland Dobbins (rdobbins) writes:
> On 17 Dec 2015, at 20:06, Ralf Weber wrote:
> >If we switch DNS to TCP there will be a huge cost in implementing
> >this, as TCP just doesn't scale the way UDP does and as with all
> >things DNS we still have to support the current protocol for
> Not only that, but TCP/53 is fairly pervasively blocked on lots of
> endpoint networks due to security misinformation first propagated by
> firewall vendors during the mid-to-late 1990s.
So were DNS queries with a source port of != 53. That changed, and
in the process we got many people to update their old "UDP only,
max 512 byte" perception of DNS.
More information about the dns-operations