-----Original Message-----
From: Tomas L. Byrnes
Sent: Saturday, August 09, 2008 9:01 PM
To: 'Chris Paul'
Subject: RE: maybe a dumb idea on how to fix the dns problems i don't know....

Actually, the RFCs (RFC-1034 3.7, RFC-1035 4.2, ref RFC-793; Implementation spec in RFC-1035 4.2.2; RFC-2136 2.1 says TCP is "at the discretion of the requestor";) say TCP "Should" be supported. It's optional, but recommended. The source of the guidance to block TCP is misguided "security" folks who confuse self-denial of service with policy enforcement. When security breaks functionality, it usually fails to secure, as users circumvent it, in my not so humble experience.

BTW: In RFC 1034 5.3.1 PVM tipped to some of the issues that we are now dealing with, under the title of "Stub Resolvers".

> -----Original Message-----
> From: Chris Paul [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 09, 2008 3:49 PM
> Cc: [EMAIL PROTECTED]
> Subject: Re: maybe a dumb idea on how to fix the dns problems i don't know....
>
> Paul Vixie wrote:
> > because TCP is considered optional by many authority DNS server operators.
>
> Hey authority DNS server operators. Can you make a change to your
> servers to always allow TCP client connections? Would this be difficult?
> What would be the harm?
>
> > it's only required if you expect AXFR or if you ever emit a TC bit.
> > if you don't want to do TCP then you can rule out the TC bit and AXFR
> > and just not do TCP, and you'll be dead-to-rights within the various DNS protocol RFCs.
>
> what RFCs forbid TCP for clients? I thought TCP was an option for
> clients. I'm not spending the rest of my sunday though reading
> rfcs....... and sure as hell not joining another list because to tell
> you the truth, I don't really care as much about the typical angry
> Sunday list poster (talk about redundant statement....)
>
> thanks for the thoughts, though Paul. I'll leave the rest of this
> discussion (should it exist) to others in their forum of choice....
> I'm thinking of nice insalade caprese with true mozzarella di bufalo
> right now.... now That's A Sunday!"
>
> CP
>
> --
> Chris Paul
> Rex Consulting, Inc
> 157 Rainbow Drive #5703, Livingston, TX 77399-1057
> email: [EMAIL PROTECTED]
> web: http://www.rexconsulting.net
> phone, direct: +1, 831.706.4211
> phone, toll-free: +1, 888.403.8996
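
Added example, not part of the original thread: a sketch of the resolver-side behaviour the messages above argue about, where a reply with the TC bit set forces a retry over TCP using the two-byte length prefix from RFC-1035 4.2.2. The function names and the fake server callbacks are hypothetical and the sample messages are constructed; passing tcp_exchange=None models a network that blocks TCP/53.

```python
import struct

QR_FLAG = 0x8000  # response bit in the header flags word
TC_FLAG = 0x0200  # truncation bit (RFC-1035 4.1.1)

def build_query(qid, name, qtype=1):
    """Minimal DNS query: 12-byte header plus one question, class IN, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    """True when the sender set TC, i.e. the full answer did not fit in UDP."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _, flags = struct.unpack("!HH", msg[:4])
    return bool(flags & TC_FLAG)

def tcp_frame(msg):
    """RFC-1035 4.2.2: each message on TCP is preceded by a two-byte length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    if len(stream) < 2:
        raise ValueError("missing length prefix")
    (n,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < n:
        raise ValueError("incomplete TCP message")
    return stream[2:2 + n]

def resolve(query, udp_exchange, tcp_exchange):
    """Try UDP first; on TC=1 retry over TCP. tcp_exchange=None: TCP/53 blocked."""
    reply = udp_exchange(query)
    if not is_truncated(reply):
        return "udp", reply
    if tcp_exchange is None:
        raise ConnectionError("TC bit set but TCP/53 is unreachable")
    return "tcp", tcp_unframe(tcp_exchange(tcp_frame(query)))

# Constructed stand-in server: truncates over UDP, answers in full over TCP.
def fake_udp(query):
    return query[:2] + struct.pack("!H", QR_FLAG | TC_FLAG | 0x0100) + query[4:]

def fake_tcp(framed):
    query = tcp_unframe(framed)
    return tcp_frame(query[:2] + struct.pack("!H", QR_FLAG | 0x0180) + query[4:])
```

With TCP reachable the truncated lookup completes over TCP; with it blocked the same lookup fails outright, which is the self-denial of service the reply describes.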