On Fri, Apr 25, 2014 at 10:46 AM, Ralf Weber <[email protected]> wrote:
> Moin!
>
> On 25 Apr 2014, at 16:22, Tirumaleswar Reddy (tireddy) <[email protected]> wrote:
>> Any specific reason for the firewalls to permit TCP/53 other than for zone
>> transfer ?
> Wat? Because it is defined in the RFC. RFC1035 may not have been totally clear on
> that. IMHO the language is strong enough, but if not there is RFC5966:
> "All general-purpose DNS implementations MUST support both UDP and
> TCP transport."
> Any more questions?! Also all this new DNS stuff like DNSSEC and mitigating
> DNS amplification attacks with RRL or similar techniques require that the TCP
> transport works.
>
> So long
Yes and RFC 8888 quite definitely says that I get a pony.

The existing DNS works as far as the people running their firewalls are concerned. The failure of TCP fallback in practice has been an understood problem for 20+ years.

If people want to design a protocol that is going to be usable, they are going to end up having to accept some constraints that are not in the specs.

--
Website: http://hallambaker.com/
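The TCP fallback the thread argues about can be checked directly against a resolver you operate: send the query over UDP, and if the reply carries the TC (truncated) bit, retry over TCP/53 as RFC 1035 and RFC 5966 expect. The script below is an added illustration, not code from the thread or from any of its participants; the resolver address 192.0.2.1 and the name example.com are placeholders to replace with your own.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal RFC 1035 query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(reply):
    """TC bit (0x0200 in the flags word) means the UDP answer was cut off
    and the client is expected to retry the same question over TCP."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & 0x0200)

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed early")
        buf += chunk
    return buf

def query_with_fallback(server, name, timeout=3.0):
    """UDP first; on a truncated reply retry over TCP/53.
    Returns (transport, reply). 'tcp-blocked' is the failure mode the thread
    describes: the server truncated, but nothing answered on TCP/53."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(q, (server, 53))
        reply, _ = u.recvfrom(4096)
    if not is_truncated(reply):
        return "udp", reply
    try:
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(frame_for_tcp(q))
            length = struct.unpack("!H", _recv_exact(t, 2))[0]
            return "tcp", _recv_exact(t, length)
    except OSError:  # timeout, refused, or reset: TCP/53 is not getting through
        return "tcp-blocked", reply

if __name__ == "__main__":
    # Placeholder resolver address (TEST-NET) and name; supply your own.
    print(query_with_fallback("192.0.2.1", "example.com")[0])
```

A result of "tcp-blocked" on a resolver that truncates large answers (DNSSEC-signed zones are the usual trigger) is exactly the firewall behaviour the thread says the specs do not account for.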
