RE: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Stephan Lagerholm
impact on DNS servers. This is > >especially important with DNSSEC, where answers are much larger. > > > > > > > > > > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Roberto Carna > Sent: Monday, February 4, 2019 4:46 PM > T

RE: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Salih CIRGAN
. This is especially important with DNSSEC, where answers are much larger. From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Roberto Carna Sent: Monday, February 4, 2019 4:46 PM To: ML BIND Users Subject: DNS Flag Day: I had to open the TCP/53 port Dear, I

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Jeronimo L. Cabral
Ben, thanks a lot !!! Regards On Mon, Feb 4, 2019 at 11:04 AM Ben Croswell wrote: > When a DNS response is too large to fit in a single UDP packet, 512 bytes > up to 4k with edns, the DNS server will respond with as much as it can fit > in the UDP packet. It will also set the truncate, TC, bit

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Ben Croswell
When a DNS response is too large to fit in a single UDP packet, 512 bytes up to 4k with edns, the DNS server will respond with as much as it can fit in the UDP packet. It will also set the truncate, TC, bit to let the client doing the query that the answer is truncated and the client should query

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Ron Hall
Just about anything (if it is large enough). r On 2019-02-04 08:56 AM, Roberto Carna wrote: Thanks Ben for your response, can you tell me the types of TCP traffic I have to expect in BIND, excepting Zone Tansfer? Thans a lot again!!! El lun., 4 feb. 2019 a las 10:50, Ben Croswell

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Roberto Carna
Thanks Ben for your response, can you tell me the types of TCP traffic I have to expect in BIND, excepting Zone Tansfer? Thans a lot again!!! El lun., 4 feb. 2019 a las 10:50, Ben Croswell () escribió: > BIND has always required UDP and TCP 53 for proper functionality. It > sometimes mistakenly

Re: DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Ben Croswell
BIND has always required UDP and TCP 53 for proper functionality. It sometimes mistakenly believed that TCP is only for zone transfers but that is not the case. On Mon, Feb 4, 2019, 8:46 AM Roberto Carna Dear, I have a BIND 9.10 public server and I have delegated some public > domains. > > When

DNS Flag Day: I had to open the TCP/53 port

2019-02-04 Thread Roberto Carna
Dear, I have a BIND 9.10 public server and I have delegated some public domains. When I test these domains with the EDNS tool offered in the DNS Flag Day webpage, the test was wrong wit just UDP/53 port opened to Internet. After that, when I opened also TCP/53 port, the test was succesful.