DNS Flag Day: I had to open the TCP/53 port
salih.cirgan at doruk.net.tr
Mon Feb 4 14:08:12 UTC 2019
rfc6891 states that it uses TCP to avoid truncated UDP responses. It is all about packet size,fragmentation and network load.
EDNS(0) specifies a way to advertise additional features such as
larger response size capability, which is intended to help avoid
truncated UDP responses, which in turn cause retry over TCP. It
therefore provides support for transporting these larger packet sizes
without needing to resort to TCP for transport.
Announcing UDP buffer sizes that are too small may result in fallback
to TCP with a corresponding load impact on DNS servers. This is
especially important with DNSSEC, where answers are much larger.
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Roberto Carna
Sent: Monday, February 4, 2019 4:46 PM
To: ML BIND Users <bind-users at lists.isc.org>
Subject: DNS Flag Day: I had to open the TCP/53 port
Dear, I have a BIND 9.10 public server and I have delegated some public domains.
When I test these domains with the EDNS tool offered in the DNS Flag Day webpage, the test was wrong wit just UDP/53 port opened to Internet.
After that, when I opened also TCP/53 port, the test was succesful.
Please can you explain me the reason I have to open TCP/53 port to Internet from February 1st to the future???
Really thanks, regards.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users