Moin!

On 25 Apr 2014, at 16:22, Tirumaleswar Reddy (tireddy) <tire...@cisco.com> wrote:

> Any specific reason for the firewalls to permit TCP/53 other than for zone
> transfer?

Wat? Because it is defined in the RFC. RFC1035 may not have been totally clear on that. IMHO the language is strong enough, but if not there is RFC5966:

"All general-purpose DNS implementations MUST support both UDP and TCP transport."

Any more questions?!

Also all this new DNS stuff like DNSSEC and mitigating DNS amplification attacks with RRL or similar techniques requires that the TCP transport works.

So long
-Ralf

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
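
The TC-bit fallback behind the point made in the message above, as an added example that is not part of the original message: a truncated UDP reply (which large DNSSEC answers or RRL can produce) forces a retry over TCP, and the lookup fails when a firewall blocks that path. The function names, the `tcp53_allowed` flag and the sample messages are assumptions constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # TC (truncation) bit in the header flags word, RFC 1035 4.1.1

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True when TC is set, meaning the full answer must be fetched over TCP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def resolve(query, udp_reply, tcp_reply, tcp53_allowed):
    """Model one lookup. udp_reply/tcp_reply are what the server sends on each
    transport; tcp53_allowed is the (hypothetical) firewall policy in between.
    On the TCP path the client would send tcp_frame(query)."""
    if not is_truncated(udp_reply):
        return ("udp", udp_reply)
    if not tcp53_allowed:
        return ("failed", None)   # truncated reply, and the retry path is blocked
    return ("tcp", tcp_reply)

# Constructed sample messages for example.com A (not captured traffic).
QUERY = build_query("example.com")
QUESTION = QUERY[12:]
# Flags 0x8380 = QR|TC|RD|RA: an empty, truncated reply.
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
# Flags 0x8180 = QR|RD|RA: full reply with one A record (192.0.2.1, TTL 60).
FULL = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
        + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for allowed in (True, False):
        outcome = resolve(QUERY, TRUNCATED, FULL, allowed)[0]
        print("TCP/53 allowed:", allowed, "->", outcome)
```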