bind 9.2.1 SERVFAIL driving me nuts

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Dec 18 16:44:37 UTC 2003


phn at icke-reklam.ipsec.nu wrote:

>>The other server trip.ponyhome.com seeems blocked from
>>TCP queries/ zonetransfers.This is probably i firewall-filter
>>issue.

and Victor Wren <vwrennospam at ponyhomenospam.com> replied:

>Those are rules I put in after I got the nameserver working again.
>TCP, as I understand it,  is only for zone transfers, and is open to
>the slave servers.  UDP is open to everybody, but not for recursion
>(except where cached, obviously)

TCP can be used for more than just zone transfers.  There is nothing
in the DNS RFCs that state that DNS queries must be sent via UDP.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list