Is it possible to force BIND to use TCP exclusively?

Paul Vixie vixie at isc.org
Tue Aug 12 19:58:51 UTC 2008


Barry Margolin <barmar at alum.mit.edu> writes:

>> > Are there any configuration changes that can be made to BIND to force
>> > it to use TCP exclusively and never use UDP?  Possible?
>> 
>> I guess not, why?
>
> I'm guessing he's considering this as a better solution to the Kaminsky 
> attack.

no one who has read RFC 1035 4.2.2 will think TCP/53 is a solution to anything
other than zone transfer or truncation, and anyone who does read it will have
to realize that TCP/53 only works because there's no current benefit to be had
in holding TCP/53's head underwater.
-- 
Paul Vixie
