SZALAY Attila wrote:
> On Sat, 2008-11-08 at 19:03 +0000, daniel wrote:
>> Ansgar Wiechers wrote:
>>> On 2008-10-31 daniel wrote:
>>>> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
>>>> iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>> You need TCP for fully functional DNS as well.
>> Why do I need TCP for fully functional DNS?
>> TCP must be used for zone transfers.
>> See --> http://www.freesoft.org/CIE/Topics/77.htm
>
> No, it's not exactly true.
>
> You need TCP in the case when the answer is too big to fit in a UDP
> packet. If this happens, the client should reconnect using TCP.
>
> From RFC 1035:
>
> 4.2.1. UDP usage
>
> Messages sent using UDP user server port 53 (decimal).
>
> Messages carried by UDP are restricted to 512 bytes (not counting the IP
> or UDP headers). Longer messages are truncated and the TC bit is set in
> the header.

Thanks for your explanation.
I will read more of the RFCs. :)

Daniel.
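The mechanism Attila describes, a UDP answer that arrives with the TC bit set and is then re-fetched over TCP, can be seen concretely in a small resolver. The following is an added example written for this thread, not code posted by anyone in it: it builds a minimal query, decodes the RFC 1035 header to read the TC flag, shows the 2-byte length prefix that TCP transport adds (RFC 1035 section 4.2.2), and performs the UDP-then-TCP fallback. The function names (`build_query`, `needs_tcp_retry`, `resolve_with_fallback`, and so on) and the two sample responses are constructed for illustration; the sample responses are hand-assembled, not captured from a real server.

```python
import socket
import struct

DNS_PORT = 53
UDP_MAX_PAYLOAD = 512   # RFC 1035 section 4.2.1: classic limit without EDNS0

# Header flag masks (RFC 1035 section 4.1.1). The TC bit is what tells a
# resolver that a UDP answer was cut off and must be re-fetched over TCP.
FLAG_QR = 0x8000
FLAG_AA = 0x0400
FLAG_TC = 0x0200
FLAG_RD = 0x0100
FLAG_RA = 0x0080


def encode_name(qname):
    """Encode a dotted name as DNS labels terminated by the root label."""
    out = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length in %r" % qname)
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal recursion-desired query for qname (QCLASS IN, one question)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    return header + question


def parse_header(msg):
    """Decode the 12-byte header; raises on messages that are too short."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & FLAG_AA),
        "tc": bool(flags & FLAG_TC),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response):
    """True when the server set TC: the UDP answer is incomplete."""
    return parse_header(udp_response)["tc"]


def frame_for_tcp(msg):
    """Over TCP each DNS message is prefixed by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def split_tcp_stream(buf):
    """Split a TCP byte stream into complete DNS messages: (messages, leftover)."""
    messages = []
    while len(buf) >= 2:
        (length,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + length:
            break                      # partial message, wait for more bytes
        messages.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return messages, buf


def resolve_with_fallback(qname, server, timeout=3.0):
    """Send over UDP first; if TC is set, repeat the same query over TCP."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, DNS_PORT))
        response, _ = udp.recvfrom(UDP_MAX_PAYLOAD)
    if not needs_tcp_retry(response):
        return response, "udp"
    with socket.create_connection((server, DNS_PORT), timeout=timeout) as tcp:
        tcp.sendall(frame_for_tcp(query))
        buf = b""
        while True:
            chunk = tcp.recv(4096)
            if not chunk:
                raise ConnectionError("server closed TCP connection before answering")
            buf += chunk
            messages, _ = split_tcp_stream(buf)
            if messages:
                return messages[0], "tcp"


# Constructed sample responses (not captured from a real server): the query's
# own question section, once under a header with TC set and once without.
SAMPLE_QUERY = build_query("example.com")
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print("truncated sample needs TCP retry:", needs_tcp_retry(TRUNCATED_RESPONSE))
    print("complete sample needs TCP retry:", needs_tcp_retry(COMPLETE_RESPONSE))
```

The firewall consequence is the one Ansgar raised: a rule set that only accepts UDP/53 lets the first exchange through, but the retry in `resolve_with_fallback` opens a TCP connection to port 53 that such rules silently drop, so large answers (and zone transfers) fail even though ordinary lookups work.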

