On Sun, Aug 10, 2008 at 01:06:06PM -0700, Chris Paul wrote:
> brett watson wrote:
> >>Hey authority DNS server operators. Can you make a change to your
> >>servers to always allow TCP client connections? Would this be
> >>difficult? What would be the harm?
> >SYN flooding?
> from your clients? We ways of knowing people on our local network are
> doing this type of thing and turn them off at the switch today. Why are
> you are doing dns recursion for people outside your network?
The question isn't whether to offer TCP/53 up at the recursive
server. The issue is that for you to use TCP/53 from your recursive
server, it has to be offered up at the authoritative end.
The authoritative server operators have to offer TCP/53 and the
firewall administrators between the recursive server and the
authoritative servers have to allow the traffic.
-rob
