Barry Margolin <[EMAIL PROTECTED]> writes:

>> > Are there any configuration changes that can be made to BIND to force
>> > it to use TCP exclusively and never use UDP?  Possible?
>> 
>> I guess not, why?
>
> I'm guessing he's considering this as a better solution to the Kaminsky 
> attack.

noone who has read RFC 1035 4.2.2 will think TCP/53 is a solution to anything
other than zone transfer or truncation, and anyone who does read it will have
to realize that TCP/53 only works because there's no current benefit to be had
in holding TCP/53's head underwater.
-- 
Paul Vixie

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


Reply via email to