IPTables and DNS
Ed Greshko
Ed.Greshko at greshko.com
Mon Jan 17 02:55:35 UTC 2005
Jason Dixon wrote:
> On Jan 16, 2005, at 8:39 PM, Ed Greshko wrote:
>
>> Rudolf Ladyzhenskii wrote:
>>
>>> DNS is UDP port 53, not TCP
>>
>>
>> Actually, it is both....if you are going to be doing zone transfers
>> that is.
>
>
> Actually, it can also use TCP if it's unable to trim the response to fit
> in a 512 octet UDP datagram. This can happen with large responses,
> i.e., Akamai or Yahoo hosts that have multiple entries per A record.
> This is also necessary to support A6 and DNSSEC.
>
> </trivia>
Good point. In the back of my mind I knew there was more need/reason
for TCP. Just too early on a Monday morning to think. :-) Shame on me.
--
"A common mistake that people make when trying to design something
completely foolproof was to underestimate the ingenuity of complete
fools."
--Ford Prefect in "Mostly Harmless".
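Added example, not part of the original thread: a shell check that reads `iptables-save` output and reports which of UDP and TCP has no ACCEPT rule for destination port 53, since the thread's point is that DNS needs both. The sample rulesets, the function name `dns_missing_protos`, and the use of the INPUT chain are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (sample data, not from the thread):
# DNS is allowed over UDP only, the assumption the thread corrects.
SAMPLE_UDP_ONLY='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed excerpt with DNS allowed over both transports.
SAMPLE_BOTH='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT'

# dns_missing_protos CHAIN (hypothetical helper): reads iptables-save text
# on stdin and prints the protocols (udp, tcp) that have no ACCEPT rule for
# destination port 53 in CHAIN. Limitation: only a literal "--dport 53" is
# matched; port ranges and multiport lists are not interpreted.
dns_missing_protos() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            proto = ""; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (port == "53" && target == "ACCEPT") seen[proto] = 1
        }
        END {
            out = ""
            if (!("udp" in seen)) out = out "udp "
            if (!("tcp" in seen)) out = out "tcp "
            sub(/ $/, "", out)
            print out
        }'
}

# Stand-alone demonstration on the UDP-only sample.
printf '%s\n' "$SAMPLE_UDP_ONLY" | dns_missing_protos INPUT
```

On a live host the same function can be fed from `iptables-save` directly; an empty result means both transports are accepted in that chain.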
More information about the redhat-list
mailing list