Please explain:
With DNSSEC tcp is almost a must. Same with IPv6.
Is EDNS0 not sufficient?
Thanks,
Ken
Ken Traynham
Network Engineer, ITS-EPA CLIN9
CSC
79 TW Alexander Drive, Building 4201, Durham NC 27709
ITIS | p: 919.767.7059 | f: 919.767.7506 | traynham....@epa.gov | www.csc.com
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
----------------------------------------------------------------------------------------
-----bind-users-boun...@lists.isc.org wrote: -----
Network Engineer, ITS-EPA CLIN9
CSC
79 TW Alexander Drive, Building 4201, Durham NC 27709
ITIS | p: 919.767.7059 | f: 919.767.7506 | traynham....@epa.gov | www.csc.com
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
----------------------------------------------------------------------------------------
To: bind-us...@isc.org
From: Peter Dambier <pe...@peter-dambier.de>
Sent by: bind-users-boun...@lists.isc.org
Date: 05/05/2009 05:31AM
Subject: Re: tcp versus udp
Hello Martin,
since a major outage at my provider, dtag.de or Deutsche Telecom AG, I have trouble
with f.root-servers.net. Sometimes "dig ... +vc" does help me to see f.root-servers.net.
The real problem is anycast. With udp it behaves different than with tcp.
When querying servers that are difficult to reach, sometimes you are more lucky with
tcp than with udp.
Amplification attacks using nameservers don't work with tcp.
Sometimes bugs in resolvers sometimes in clients cause failover to tcp.
With DNSSEC tcp is almost a must. Same with IPv6.
Kind regards
Peter
Martin McCormick wrote:
> When are tcp dns queries necessary?
>
> It was my understanding that clients could user tcp or
> udp.
>
> Martin McCormick WB5AGZ Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Telecommunications Services Group
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: pe...@peter-dambier.de
http://www.peter-dambier.de/
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
ULA= fd80:4ce1:c66a::/48
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
