In message <4828.1269611...@localhost>, [email protected] writes:
> On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:
>
> > - Yes, but as for DNS, anycast is essentially used for user requests (UDP),
> > not to perform zone transfers (TCP).
>
> DNS uses TCP for more than just XFR. For instance, if you're running a
> resolver that doesn't do EDNS0, and you hit an (increasingly common) DNSSEC
> signed reply, it's going to be over 512 bytes and the lack of EDNS0 will
> cause it to re-ask via TCP.

DNSSEC depends on EDNS and on DO being set in the EDNS OPT record, so non-EDNS
queries won't get DNSSEC records, except in response to * queries.

> Just mentioning it because the sort of sites that think TCP==XFR are the
> sort most likely to be running firewalls that munch the EDNS0 bits, and
> are setting themselves up for big surprises in the very near future.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
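The two points in the exchange above (an OPT record with DO set is what asks for DNSSEC data, and a reply that comes back truncated is what forces the TCP retry) are easy to check on the wire. The script below is an added example, not code from either poster or from ISC: it builds a query carrying an EDNS(0) OPT record with the DO bit, and inspects a response for whether the OPT record survived, whether DO was echoed, whether TC is set, and how many RRSIGs came back. It uses only the Python standard library and no network; the two sample responses are constructed inline (the name example.test and the addresses are made up) to mimic a server reached directly and a server reached through a middlebox that drops EDNS.

```python
"""Build an EDNS(0)/DO query and classify DNS responses. Pure stdlib, offline."""
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46
EDNS_UDP_SIZE = 4096
DO_BIT = 0x8000          # DO flag lives in the top bit of the OPT "TTL" low half (RFC 3225)
FLAG_TC = 0x0200          # truncation bit in the header flags


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a root label."""
    out = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in name.rstrip(".").split("."))
    return out + b"\x00"


def opt_record(do):
    """OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode|version|DO|Z, RDLEN=0."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS_UDP_SIZE, DO_BIT if do else 0, 0)


def build_query(qname, qtype=TYPE_A, qid=0x1234, edns=True, do=True):
    """Standard recursive query; with edns=True an OPT record is appended in the additional section."""
    hdr = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)   # RD=1
    msg = hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)
    return msg + opt_record(do) if edns else msg


def build_response(qname, rrs, edns=True, do=True, tc=False, qid=0x1234):
    """Constructed response: answers use a compression pointer (0xC00C) back to the question name."""
    flags = 0x8180 | (FLAG_TC if tc else 0)                                   # QR, RD, RA
    hdr = struct.pack("!HHHHHH", qid, flags, 1, len(rrs), 0, 1 if edns else 0)
    msg = hdr + encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    for rtype, rdata in rrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg + opt_record(do) if edns else msg


def skip_name(msg, off):
    """Advance past a wire-format name, handling a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def inspect_response(msg):
    """Walk all sections and report TC, presence of OPT, DO echoed, and RRSIG count."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    info = {"tc": bool(flags & FLAG_TC), "rcode": flags & 0x000F,
            "edns": False, "do": False, "udp_size": 512, "rrsig": 0}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            info["edns"], info["do"], info["udp_size"] = True, bool(ttl & DO_BIT), rclass
        elif rtype == TYPE_RRSIG:
            info["rrsig"] += 1
    return info


def diagnose(msg):
    """One-line verdict a resolver operator would act on."""
    info = inspect_response(msg)
    if info["tc"]:
        return "truncated: re-ask over TCP"
    if not info["edns"]:
        return "no OPT in reply: EDNS lost on path, no DNSSEC data will arrive"
    if not info["do"]:
        return "OPT present but DO not echoed"
    return "EDNS/DO ok, %d RRSIG(s)" % info["rrsig"]


# Constructed samples, not captured traffic.
SIGNED_OK = build_response("example.test.", [(TYPE_A, bytes([192, 0, 2, 1])),
                                             (TYPE_RRSIG, b"\x00" * 40)])
# What a middlebox that strips EDNS looks like from the stub's side: no OPT back,
# so no RRSIGs, and an oversize answer arrives truncated.
EDNS_STRIPPED = build_response("example.test.", [(TYPE_A, bytes([192, 0, 2, 1]))],
                               edns=False, tc=True)

if __name__ == "__main__":
    print(len(build_query("example.test.")), "byte query with OPT/DO")
    for label, resp in (("direct", SIGNED_OK), ("through firewall", EDNS_STRIPPED)):
        print(label, "->", diagnose(resp))
```

To use this against a real path, send build_query() over UDP to the server, feed the reply to diagnose(), and compare with the same query sent from outside the firewall; an OPT record that goes out but never comes back is the "munched EDNS0 bits" case.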

