On Sun, Oct 23, 2011 at 6:43 AM, Benny Pedersen <m...@junc.org> wrote:
> On Sun, 23 Oct 2011 13:56:21 +1000, Noel Butler wrote:
>>
>> I think you have something broken, bind uses UDP by default, if
>> it can not connect to a dns server on UDP it then retries on TCP.
>>
>> It also uses TCP for AXFR's
>
> correct, it's not my problem how axfr works, as I have slept on it now, got
> the idea it might be an edns0-related problem?, that explains why I see
> some dnsbl domains work and others don't
>
> how do I test this ?
>
> imho edns0 will always use tcp not udp, correct ?
Not at all. edns0 allows for a number of added capabilities, but makes no difference as to whether TCP or UDP is tried first. It also has the same "rules" on when to switch to TCP.

The biggest single difference edns0 makes is to allow larger UDP packets. Without edns0, UDP packet size is limited to 512 bytes. With edns0, packets may typically run up to 4K bytes.

If you are seeing issues with edns0, look for firewall issues. Make sure that it is not limiting DNS UDP to 512 and that it is allowing fragments. These are two of the most common causes of problems with edns0 enabled operations in DNS.

--
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com