Hello Martin, since a major outage at my provider, dtag.de or Deutsche Telecom AG, I have trouble with f.root-servers.net. Sometimes "dig ... +vc" does help me to see f.root-servers.net.
The real problem is anycast. With udp it behaves different than with tcp. When querying servers that are difficult to reach, sometimes you are more lucky with tcp than with udp. Amplification attacks using nameservers don't work with tcp. Sometimes bugs in resolvers sometimes in clients cause failover to tcp. With DNSSEC tcp is almost a must. Same with IPv6. Kind regards Peter Martin McCormick wrote: > When are tcp dns queries necessary? > > It was my understanding that clients could user tcp or > udp. > > Martin McCormick WB5AGZ Stillwater, OK > Systems Engineer > OSU Information Technology Department Telecommunications Services Group > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
