tcp versus udp

Peter Dambier peter at peter-dambier.de
Tue May 5 10:08:30 UTC 2009


EDNS would be nice if it was working, but the same guy who disabled tcp in the
firewall somehow has shot EDNS too.

There are so many broken firewalls around nameservers that tcp is a must.

It is not an EDNS or bind problem. It is the firewalls in between.
"Expect the worst but try to give your best" says: please keep tcp working.

Cheers
Peter

Traynham.Ken at epamail.epa.gov wrote:
> Please explain:
>  
> With DNSSEC tcp is almost a must. Same with IPv6.
> Is EDNS0 not sufficient?
>  
> Thanks,
> Ken
>  
> Ken Traynham
> Network Engineer, ITS-EPA CLIN9
> CSC
> 
> 79 TW Alexander Drive, Building 4201, Durham NC 27709
> ITIS | p: 919.767.7059 | f: 919.767.7506 | traynham.ken at epa.gov | www.csc.com
> 
> -----bind-users-bounces at lists.isc.org wrote: -----
> 
>     To: bind-users at isc.org
>     From: Peter Dambier <peter at peter-dambier.de>
>     Sent by: bind-users-bounces at lists.isc.org
>     Date: 05/05/2009 05:31AM
>     Subject: Re: tcp versus udp
> 
>     Hello Martin,
> 
>     since a major outage at my provider, dtag.de or Deutsche Telekom AG,
>     I have trouble with f.root-servers.net. Sometimes "dig ... +vc" does
>     help me to see f.root-servers.net.
> 
>     The real problem is anycast. With udp it behaves differently than
>     with tcp.
> 
>     When querying servers that are difficult to reach, sometimes you are
>     luckier with tcp than with udp.
> 
>     Amplification attacks using nameservers don't work with tcp.
> 
>     Sometimes bugs in resolvers, sometimes in clients, cause failover to tcp.
> 
>     With DNSSEC tcp is almost a must. Same with IPv6.
> 
> 
>     Kind regards
>     Peter
> 
> 
> 
>     Martin McCormick wrote:
>     >     When are tcp dns queries necessary?
>     >
>     >     It was my understanding that clients could use tcp or
>     > udp.
>     >
>     > Martin McCormick WB5AGZ  Stillwater, OK
>     > Systems Engineer
>     > OSU Information Technology Department Telecommunications Services Group
>     > _______________________________________________
>     > bind-users mailing list
>     > bind-users at lists.isc.org
>     > https://lists.isc.org/mailman/listinfo/bind-users
> 
>     -- 
>     Peter and Karin Dambier
>     Cesidian Root - Radice Cesidiana
>     Rimbacher Strasse 16
>     D-69509 Moerlenbach-Bonsweiher
>     +49(6209)795-816 (Telekom)
>     +49(6252)750-308 (VoIP: sipgate.de)
>     mail: peter at peter-dambier.de
>     http://www.peter-dambier.de/
>     http://iason.site.voila.fr/
>     https://sourceforge.net/projects/iason/
>     ULA= fd80:4ce1:c66a::/48

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
http://www.peter-dambier.de/
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
ULA= fd80:4ce1:c66a::/48
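
The EDNS0-versus-TCP question in this thread comes down to what a client does after its first UDP attempt. The following is an added example, not part of the original messages and not BIND's code: it builds a query with an EDNS0 OPT record and decides the next step from the reply. The function names, the sample replies and the "timeout means try TCP" policy are assumptions made for the illustration.

```python
import struct

TC_BIT = 0x0200        # "truncated" flag in the DNS header flags word
RCODE_FORMERR = 1      # typical answer from servers that reject EDNS0

def build_query(name, qtype=48, edns_payload=None, do_bit=True, qid=0x1234):
    """Wire-format query (default type 48 = DNSKEY); optional EDNS0 OPT record."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    msg += qname + struct.pack("!HH", qtype, 1)
    if edns_payload:
        flags = 0x8000 if do_bit else 0      # DO bit: ask for DNSSEC records
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, TTL = flags
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_payload, flags, 0)
    return msg

def next_step(query, udp_reply):
    """Decide what to do after one UDP attempt; udp_reply is None on timeout."""
    qid, = struct.unpack("!H", query[:2])
    used_edns = struct.unpack("!H", query[10:12])[0] > 0   # ARCOUNT > 0
    if udp_reply is None or len(udp_reply) < 12:
        return "retry-tcp"           # assumed policy: lost on the path, try TCP
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    if rid != qid:
        return "discard"             # not the answer to this query
    if flags & TC_BIT:
        return "retry-tcp"           # answer did not fit in the UDP reply
    if used_edns and (flags & 0x000F) == RCODE_FORMERR:
        return "retry-udp-no-edns"   # server or middlebox rejected the OPT record
    return "use-reply"

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length (RFC 1035)."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample replies (not captured traffic), reusing the query's ID/question.
QUERY = build_query("example.com", edns_payload=4096)
TRUNCATED = QUERY[:2] + struct.pack("!H", 0x8300) + QUERY[4:]   # QR|TC|RD
FORMERR = QUERY[:2] + struct.pack("!H", 0x8101) + QUERY[4:]     # QR|RD, rcode 1

if __name__ == "__main__":
    for label, reply in [("truncated", TRUNCATED), ("formerr", FORMERR), ("timeout", None)]:
        print(label, "->", next_step(QUERY, reply))
    print("tcp frame length prefix:", tcp_frame(QUERY)[:2].hex())
```

If a firewall on the path drops TCP port 53, both "retry-tcp" outcomes have nowhere to go, which is the failure the thread describes.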


