james-bind-users at now.ie
Wed Mar 14 14:51:49 UTC 2001
On Wed, Mar 14, 2001 at 09:15:15AM -0500, Tom Nichols wrote:
> I've been running 4 DNS servers like this for over a year with no
> problems. Only TCP packets and no external domain queries.
The DNS protocol does not require DNS servers to offer TCP service,
except for responses larger than 512 bytes and for AXFR. If I am running
an authoritative server for a given zone which has no RRset larger than
512 bytes and I don't want to allow AXFR for you then I can choose not
to allow incoming TCP to my DNS servers.
You have chosen to use only the protocol for exceptional circumstances
(TCP) and not the protocol for regular DNS conversations (UDP). This may
have some very strange consequences.
They're your boxes -- configure them how you like, but be aware that
DNS server operators could stay within the specs of the DNS protocol
but still end up isolating your TCP-only resolvers.
James Raftery (JBR54)
"It's somewhere in the Red Hat district" -- A network engineer's
Freudian slip when talking about Amsterdam's nightlife at RIPE 38.
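The behaviour James describes, worked through as an added example that is not part of the original thread: a toy authoritative server built in Python with hand-rolled RFC 1035 wire encoding, which answers over UDP, sets the TC bit when an answer would exceed 512 bytes, and can be configured to refuse TCP entirely (the operator choice the post describes). A UDP-first resolver that falls back to TCP only on truncation works against it; a TCP-only resolver is isolated. The `AuthServer`, `resolve` and `parse_a_answers` names, the record data and the simplification that a truncated reply carries no answer section are all constructed for this example.

```python
import socket
import struct

MAX_UDP_PAYLOAD = 512  # classic DNS-over-UDP limit, RFC 1035 section 4.2.1
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n


def build_query(txid, name, qtype=1):
    """Header with RD set, one question (qclass IN)."""
    hdr = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", qtype, 1)


def a_record(name, ip, ttl=300):
    """One A RR in wire format: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)


class AuthServer:
    """Constructed toy authoritative server: serves A records from a dict.
    allow_tcp=False models an operator who filters tcp/53 because no RRset
    exceeds 512 bytes and AXFR is not offered."""

    def __init__(self, records, allow_tcp):
        self.records = records  # name -> list of IPv4 strings (constructed data)
        self.allow_tcp = allow_tcp

    def respond(self, query, transport):
        if transport == "tcp" and not self.allow_tcp:
            raise ConnectionRefusedError("tcp/53 filtered by the zone operator")
        txid = struct.unpack("!H", query[:2])[0]
        name, qend = decode_name(query, 12)
        question = query[12:qend + 4]  # name + qtype + qclass
        answers = [a_record(name, ip) for ip in self.records.get(name, [])]
        body = b"".join(answers)
        flags = FLAG_QR | FLAG_AA
        if transport == "udp" and 12 + len(question) + len(body) > MAX_UDP_PAYLOAD:
            # Does not fit in a UDP datagram: set TC and drop the answer section
            # (simplification; real servers may keep whatever RRs fit).
            flags |= FLAG_TC
            answers, body = [], b""
        hdr = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
        return hdr + question + body


def parse_a_answers(msg):
    """Return (flags, [IPv4 strings]) from a response with uncompressed names."""
    _txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4
    ips = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags, ips


def resolve(server, name, tcp_only=False, txid=0x1234):
    """RFC 1035 resolver behaviour: UDP first, TCP only if the reply was truncated.
    tcp_only=True models the TCP-only resolvers discussed in the thread."""
    query = build_query(txid, name)
    if not tcp_only:
        flags, ips = parse_a_answers(server.respond(query, "udp"))
        if not flags & FLAG_TC:
            return ips
    # Either the resolver insists on TCP or UDP was truncated; a server that
    # filters tcp/53 raises ConnectionRefusedError here.
    _flags, ips = parse_a_answers(server.respond(query, "tcp"))
    return ips


if __name__ == "__main__":
    small = AuthServer({"www.example.": ["192.0.2.10"]}, allow_tcp=False)
    print("udp-first:", resolve(small, "www.example."))
    try:
        print("tcp-only:", resolve(small, "www.example.", tcp_only=True))
    except ConnectionRefusedError as e:
        print("tcp-only isolated:", e)
```

The small zone is answered fine by the UDP-first resolver while the TCP-only resolver never gets a reply, which is the isolation the post warns about; a zone whose RRset exceeds 512 bytes forces the TC path, and there the operator must offer TCP or lose the answer.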