Is it possible to force BIND to use TCP exclusively?
Paul Vixie
vixie at isc.org
Tue Aug 12 19:58:51 UTC 2008
Barry Margolin <barmar at alum.mit.edu> writes:
>> > Are there any configuration changes that can be made to BIND to force
>> > it to use TCP exclusively and never use UDP? Possible?
>>
>> I guess not, why?
>
> I'm guessing he's considering this as a better solution to the Kaminsky
> attack.

no one who has read RFC 1035 4.2.2 will think TCP/53 is a solution to anything
other than zone transfer or truncation, and anyone who does read it will have
to realize that TCP/53 only works because there's no current benefit to be had
in holding TCP/53's head underwater.
--
Paul Vixie