Re: [FW-1] DNS Question

Don is a sharp cookie. Looks like the issue has been covered very well. The only thing I have to add is that O'Reilly's DNS and BIND should be required reading before touching DNS. If you admin a firewall and do not have this book, shame on you. Redeem yourself and go read it now :-).

(This will probably get wrapped. Sorry.)
http://www.amazon.com/exec/obidos/ASIN//qid=/sr=1-1/ ref=sr_1_1/-7830520 -s

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Thursday, May 02, 2002 12:40 PM
To: [email protected]
Subject: Re: [FW-1] DNS Question

> We allow DNS over UDP only and have not had any problems.

Since this only affects large queries, you would probably not notice the failures. It is, however, wrong.

> Don, can you give us a reference/RFC for these large DNS requests over
> TCP?

RFC 1035, section 4.2: http://www.faqs.org/rfcs/rfc1035.html

> I find nothing
> about it, it is my understanding that only zone transfers use TCP.

This is a very common misconception. UDP is the standard transport, but not the required one. You could perform every request with a TCP connection; however, a TCP connection is usually only used after a UDP connection has failed to fit within the 512-byte window, resulting in the TC bit being set in the header.

-Don
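The UDP-then-TCP fallback Don describes, as an added illustration that is not from the list thread: a minimal RFC 1035 header check for the TC bit plus the 2-byte length framing that section 4.2.2 requires over TCP, exercised against constructed in-memory stand-ins for the server (no real sockets), so that a UDP-only firewall policy shows up as the truncated reply being all the resolver ever gets. The query builder, the fake transports and the sample answer bytes are assumptions made for the example.

```python
import struct

TC_BIT = 0x0200  # flags layout: QR Opcode(4) AA TC RD RA Z(3) RCODE(4)

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message: bytes) -> bool:
    """True if the server set TC: the answer did not fit the 512-byte UDP limit."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_BIT)

def frame_for_tcp(message: bytes) -> bytes:
    """RFC 1035 4.2.2: over TCP every message is prefixed by its 2-byte length."""
    return struct.pack("!H", len(message)) + message

def unframe_from_tcp(stream: bytes) -> bytes:
    length = struct.unpack("!H", stream[:2])[0]
    return stream[2:2 + length]

def resolve(qname: str, send_udp, send_tcp):
    """UDP first; retry over TCP only when the UDP reply carries TC.
    If 53/tcp is filtered, send_tcp fails and the truncated reply is all we have."""
    query = build_query(qname)
    reply = send_udp(query)
    if not is_truncated(reply):
        return reply, "udp"
    try:
        return unframe_from_tcp(send_tcp(frame_for_tcp(query))), "tcp"
    except OSError:
        return reply, "udp-truncated"  # the silent failure a UDP-only rule causes

# Constructed stand-ins for the server and the network (hypothetical, no sockets).
# 600 bytes of padding stand in for a large answer section that exceeds 512 bytes.
FULL_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0) + b"A" * 600

def fake_udp(query: bytes) -> bytes:
    # Answer will not fit in 512 bytes: echo header + question with QR|TC|RD|RA set.
    return query[:2] + struct.pack("!H", 0x8380) + query[4:]

def fake_tcp_open(framed: bytes) -> bytes:
    return frame_for_tcp(FULL_ANSWER)

def fake_tcp_blocked(framed: bytes) -> bytes:
    raise ConnectionRefusedError("53/tcp filtered by the firewall")
```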