Branko Mijuskovic <branko.mijuskovic.h...@gmail.com> wrote:
>
> But I'm curious, do you know does BIND failover to TCP if UDP timeouts
> during DNSKEY fetching?

Dunno. I have blocked both UDP and TCP on my hidden primary, and it is refreshing its trust anchors via my recursive servers OK, so it is not something I have had to worry about.

In general, port 53 should work for both UDP and TCP, or neither. If it's half-blocked you'll get weird problems, and the solution is to fix the network.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Fitzroy, Sole, Lundy, Fastnet: Northwesterly 4 or 5 in southwest Fitzroy, otherwise 7 to severe gale 9, backing westerly 5 or 6 later. Very rough or high, becoming rough or very rough later in Lundy and Fastnet. Squally wintry showers. Good, occasionally poor.
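
An added example, not part of the original message: a small check for the half-blocked port 53 condition described in the reply above. It sends the same DNSKEY query over UDP and TCP and compares the results. The function names are hypothetical, the probe is IPv4 only, and any reply carrying the query ID counts as reachable.

```python
import socket
import struct

def build_query(name=".", qtype=48, qid=0x4242):
    """Minimal DNS query with RD set; qtype 48 is DNSKEY, class IN."""
    labels = [l.encode() for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket or raise OSError."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def probe_udp(host, port, query, timeout):
    """True if any DNS reply with our query ID comes back over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return False
    return len(reply) >= 12 and reply[:2] == query[:2]

def probe_tcp(host, port, query, timeout):
    """True if a reply comes back over TCP (2-byte length prefix, RFC 1035)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            reply = recv_exact(s, length)
    except OSError:  # refused, timed out, or closed early
        return False
    return len(reply) >= 12 and reply[:2] == query[:2]

def classify(host, port=53, name=".", timeout=2.0):
    """Report whether the DNS port is open, blocked, or half-blocked."""
    query = build_query(name)
    udp = probe_udp(host, port, query, timeout)
    tcp = probe_tcp(host, port, query, timeout)
    if udp == tcp:
        return "open" if udp else "blocked"
    return "half-blocked: UDP only" if udp else "half-blocked: TCP only"
```

Run `classify()` from the host that needs to reach the server, since the result describes the path between the two, not the server alone.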