Hello, there is a change in the DNS protocol. DNS lookups (DNS queries) used to be done over UDP port 53, but with the growing need for large DNS records, especially for the anti-spoofing mechanisms SPF and DKIM, the buffer size available with UDP is no longer sufficient.
Going forward, DNS queries will use the TCP protocol.

https://dnsflagday.net/2020/

-- quote -->
IP fragmentation is a problem on the Internet today, especially when it comes to large DNS messages. And even if fragmentation works it might not be secure enough for DNS. These issues can be fixed by honoring an EDNS buffer size that will not cause fragmentation and by allowing DNS to switch from UDP to TCP when larger buffer sizes are not enough.

FAQ

Q: Is DNS over UDP dead?
A: No, DNS over UDP will still be the main means of transportation as it is massively scalable, very resource-efficient and fault-tolerant.

Q: TL;DR RFC 7766
A: DNS MUST work over TCP!
<-- end of quote ---

MDaemon has anticipated this since MDaemon version 19.0.3.

https://files.mdaemon.com/mdaemon/release/relnotes_en.html

FIXES
[21889] fix to SPF policies are truncated after 512 characters

The implication going forward: if MDaemon is running behind a firewall, make sure outbound TCP and UDP port 53 are allowed/open.

-- 
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 19.0.3-64
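The UDP-to-TCP switch described in the message above, as an added example that is not part of the original post or of MDaemon: a resolver client sends the query over UDP with an EDNS buffer size, checks the TC (truncated) bit in the reply, and retries over TCP port 53. All function names are hypothetical, and 1232 is the EDNS buffer size recommended by DNS Flag Day 2020.

```python
import socket
import struct

def build_query(name, qtype=16, edns_size=1232, qid=0x1234):
    """DNS query (qtype 16 = TXT, where SPF/DKIM live) with an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)  # OPT: class field = UDP size
    return header + question + opt

def is_truncated(response):
    """True when the TC bit (0x0200 in the flags word) is set: the answer did not fit in UDP."""
    return len(response) >= 12 and bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def frame_tcp(message):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full DNS message arrived")
        buf += chunk
    return buf

def lookup(name, server, timeout=3.0):
    """Query over UDP first; on truncation retry over TCP. Returns (transport, raw response)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        resp, _ = u.recvfrom(4096)
    if not is_truncated(resp):
        return "udp", resp
    # If the firewall blocks outbound TCP/53, this connect times out and the record is lost.
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(t, 2))
        return "tcp", recv_exact(t, length)

# Constructed sample: header of a reply with QR=1, TC=1, RD=1, RA=1 (flags 0x8380).
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```

Calling `lookup()` against the resolver the mail server uses, for a domain with a long SPF record, shows whether the TCP retry gets through the firewall.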

