On 2013-08-21 19:36, Geoff Huston wrote: ...
truncated TCP. 0.4% of them appear to have some inbound TCP-blocking firewall/filter. ...
...
I may have missed this in the original posting and this thread, but this is the first time I've seen this brought up here. This is a particular problem I've noticed. In certain "security-conscious" networks, firewalls or filtering routers block all TCP DNS ("It's only used for zone transfers anyway") and UDP packets with a payload greater than 512 bytes. In fact, at least one major company's filtering firewalls and routers come set to do the latter (Cisco). Persuading checklist-followers that this is what is causing them problems is sometimes more effort than it's worth. I'm pleased to see that indiscriminate TCP DNS blocking seems not to be as prevalent on the particular part of the public Internet on which this test was conducted.
Joe Yao
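An added example, not part of the original message: a small Python diagnostic an operator could run from inside their own network to tell the two filtering behaviours described above apart. The function names are hypothetical, and the probes assume you supply a DNS server address and a name and type whose answer is known to exceed 512 bytes.

```python
import socket
import struct

def build_query(name, qtype, edns_size, qid=0x1234):
    """DNS query carrying an EDNS0 OPT record that advertises edns_size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL with DO bit, no RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def is_truncated(response):
    """True when the TC bit (0x0200 in the flags word) is set."""
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def probe_udp(server, query, timeout=3.0):
    """Return (length, tc) for the UDP reply, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(65535)
        except OSError:
            return None
    return len(data), is_truncated(data)

def probe_tcp(server, query, timeout=3.0):
    """True if a TCP/53 connection is accepted and a length-prefixed reply starts."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            return len(s.recv(2)) == 2
    except OSError:
        return False

def classify(udp_small, udp_large, tcp_ok):
    """Map probe outcomes to the two filtering behaviours described above."""
    findings = []
    if udp_small is not None and udp_large is None:
        findings.append("UDP responses over 512 bytes appear to be dropped")
    if udp_small is not None and not tcp_ok:
        findings.append("TCP/53 appears to be blocked")
    if udp_large is not None and udp_large[1] and not tcp_ok:
        findings.append("truncated answer cannot be retried over TCP")
    return findings or ["no DNS size or TCP filtering observed"]
```

Run `probe_udp` once with `edns_size=512` and once with `edns_size=4096` against the same server, then pass both results and the `probe_tcp` result to `classify`.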