[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] DNS Question
I totally agree with don. "UDP is the standard transport, but not the required one. You could perform every request with a TCP connection, however a TCP connection is usually only used after a UDP connection has failed to fit within the 512 byte window resulting in the TC bit being set in the header." -Don so one should have both tcp and udp service in the policy. Phoram Mehta -----Original Message----- From: Don [mailto:[email protected]] Sent: Thursday, May 02, 2002 11:40 AM To: [email protected] Subject: Re: [FW-1] DNS Question > We allow DNS over UDP only and have not had any problems. Since this only affects large queries, you would probably not notice the failures. It is, however, wrong. > Don, can you give us a reference/RFC for these large DNS requests over > TCP? RFC 1035. http://www.faqs.org/rfcs/rfc1035.html Section 4.2 > I find nothing > about it, it is my understanding that only zone transfers use TCP. This is a very common misconception. UDP is the standard transport, but not the required one. You could perform every request with a TCP connection, however a TCP connection is usually only used after a UDP connection has failed to fit within the 512 byte window resulting in the TC bit being set in the header. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|