[dns-operations] Storm on the DNS
Phil Regnauld
regnauld at nsrc.org
Thu Dec 17 13:41:53 UTC 2015
Roland Dobbins (rdobbins) writes:
> On 17 Dec 2015, at 20:06, Ralf Weber wrote:
>
> >If we switch DNS to TCP there will be a huge cost in implementing
> >this, as TCP just doesn't scale the way UDP does and as with all
> >things DNS we still have to support the current protocol for
> >decades.
>
> Not only that, but TCP/53 is fairly pervasively blocked on lots of
> endpoint networks due to security misinformation first propagated by
> firewall vendors during the mid-to-late 1990s.
So were DNS queries with a source port other than 53. That changed, and
in the process we got many people to update their old "UDP only,
max 512 byte" perception of DNS.
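To make the "UDP only, max 512 byte" perception concrete, here is an added, self-contained illustration of the wire mechanics the thread is arguing about; it is not code from the thread or from any of the posters. It models a client and a constructed authoritative server in one process (no network): the server truncates and sets TC when a reply would exceed the client's UDP limit (512 bytes without EDNS0, or the size advertised in an OPT record), and the client then retries the same query over TCP, where each message is prefixed with a two-octet length. The owner name, TTL and 192.0.2.0/24 addresses are constructed sample data; name compression is not handled because this toy never emits it.

```python
import struct

HEADER = struct.Struct("!HHHHHH")   # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 4.1.1)
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100
UDP_CLASSIC_MAX = 512               # UDP payload ceiling with no EDNS0 (RFC 1035 2.3.4)
TCP_MAX = 65535                     # two-octet length prefix bounds a TCP message (RFC 1035 4.2.2)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

# Constructed sample data: A rdatas from the RFC 5737 documentation range.
SAMPLE_RDATAS = [bytes([192, 0, 2, i]) for i in range(1, 51)]


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(buf, off):
    """Offset just past an uncompressed name starting at off (no 0xC0 pointers here)."""
    while buf[off] != 0:
        off += 1 + buf[off]
    return off + 1


def build_query(qname, qtype=TYPE_A, txid=0x1234, edns_udp_size=None):
    """Standard RD query; with edns_udp_size, append an OPT RR (RFC 6891) advertising that size."""
    msg = HEADER.pack(txid, FLAG_RD, 1, 0, 0, 1 if edns_udp_size else 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    if edns_udp_size:
        # OPT RR: root owner, TYPE 41, CLASS carries the UDP payload size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return msg


def advertised_udp_size(query):
    """UDP payload size the client advertised in OPT, or the classic 512 if it sent none."""
    _, _, qd, an, ns, ar = HEADER.unpack_from(query)
    off = HEADER.size
    for _ in range(qd):
        off = skip_name(query, off) + 4
    for _ in range(an + ns):                       # generic RR skip: name, 10 fixed octets, rdata
        off = skip_name(query, off)
        off += 10 + struct.unpack_from("!H", query, off + 8)[0]
    for _ in range(ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        if rtype == TYPE_OPT:
            return max(rclass, UDP_CLASSIC_MAX)    # sizes below 512 are treated as 512
        off += 10 + rdlen
    return UDP_CLASSIC_MAX


def build_answer(query, rdatas, limit=TCP_MAX):
    """Constructed server: A records for the question owner. If the whole reply would exceed
    `limit`, return only the question with TC set so the client knows to retry over TCP."""
    txid = HEADER.unpack_from(query)[0]
    q_end = skip_name(query, HEADER.size) + 4
    question, owner = query[HEADER.size:q_end], query[HEADER.size:q_end - 4]
    answers = b"".join(owner + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, len(r)) + r
                       for r in rdatas)
    full = HEADER.pack(txid, FLAG_QR | FLAG_RD, 1, len(rdatas), 0, 0) + question + answers
    if len(full) <= limit:
        return full
    return HEADER.pack(txid, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0) + question


def is_truncated(reply):
    return bool(HEADER.unpack_from(reply)[1] & FLAG_TC)


def frame_tcp(msg):
    """DNS over TCP: every message is preceded by its length in two octets."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split a TCP byte stream into complete DNS messages; returns (messages, leftover bytes)."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        n = struct.unpack_from("!H", stream, off)[0]
        if off + 2 + n > len(stream):
            break
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs, stream[off:]


def resolve(qname, rdatas, edns_udp_size=None):
    """Client side: query over UDP first; on TC, resend the same query over TCP.
    Returns (transport that delivered the answer, ANCOUNT of that answer)."""
    q = build_query(qname, edns_udp_size=edns_udp_size)
    udp_reply = build_answer(q, rdatas, advertised_udp_size(q))
    if not is_truncated(udp_reply):
        return "udp", HEADER.unpack_from(udp_reply)[3]
    (q_on_tcp,), rest = unframe_tcp(frame_tcp(q))       # what the server reads off the socket
    assert q_on_tcp == q and rest == b""
    (tcp_reply,), _ = unframe_tcp(frame_tcp(build_answer(q_on_tcp, rdatas, TCP_MAX)))
    return "tcp", HEADER.unpack_from(tcp_reply)[3]


if __name__ == "__main__":
    for n, edns in ((10, None), (20, None), (20, 1232), (50, 1232)):
        print(n, "records, EDNS size", edns, "->", resolve("example.com.", SAMPLE_RDATAS[:n], edns))
```

Run as a script it shows the three regimes: a small reply fits in a classic 512-byte UDP datagram; a 20-record reply (569 bytes here) is truncated and forces the TCP retry; advertising a 1232-byte EDNS0 size keeps that same reply on UDP, but a 50-record reply still ends up on TCP. A network that blocks TCP/53 breaks the last step, which is exactly why the "UDP only" firewall rule was never a safe one.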