On Thu, 6 Oct 2005 22:15:25 +0100
ed [EMAIL PROTECTED] wrote:
Works fine on the 2 domains where it's been implemented, of which
I handled the conversion from BIND style to djbdns. No problems on UDP
lookups alone, including some deep CNAMEs, which are just not required,
but I'll deal
Quoting ed [EMAIL PROTECTED]:
Zone transfers are on tcp/53, DNS lookups are 53/udp, so:
pass in on $ext_if proto udp from any to $DNS port 53 keep state
and if required:
pass in on $ext_if proto tcp from $ext_net to $DNS port 53 keep state
I use TinyDNS here, so we don't really need to
On Thu, 6 Oct 2005 19:52:31 -0400
Dave Anderson [EMAIL PROTECTED] wrote:
Responses long enough so that required information is truncated should
be rare, so perhaps you've been lucky and not encountered any yet.
I understand fully what you are saying, but I just don't want to serve
DNS via TCP.
Then, you can forget about DNSSEC for example ...
Lio
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of ed
Sent: Friday, 7 October 2005 19:25
Cc: misc@openbsd.org
Subject: Re: CARP+Pfsync+Bind
On Thu, 6 Oct 2005 19:52:31 -0400
Dave Anderson [EMAIL
On Thu, 6 Oct 2005 16:55:05 +0400
Vladimir Potapov [EMAIL PROTECTED] wrote:
We have 1 server on which running firewall and DNS master service. And
we planned to install another server for load balancing and redundancy.
2 servers(each have running PF and BIND) will balancing load (or one
will
** Reply to message from ed [EMAIL PROTECTED] on Thu, 6 Oct 2005
14:04:20 +0100
Zone transfers are on tcp/53, DNS lookups are 53/udp, so:
That's not quite the whole story: 53/tcp is also used when the response
to a query is too big for a single UDP packet (the resolver sends a UDP
query and gets
On Thu, 2005-10-06 at 14:04:20 +0100, ed proclaimed...
I use TinyDNS here, so we don't really need to transfer zones as it's
handled with a single data file. CARP can be good with DNS.
53/tcp *is* required to answer normal queries.
Since you're drinking djb's koolaid, see
On Thu, 6 Oct 2005 15:49:02 -0400
Dave Anderson [EMAIL PROTECTED] wrote:
That's not quite the whole story: 53/tcp is also used when the
response to a query is too big for a single UDP packet (the resolver
sends a UDP query and gets a 'truncated' UDP reply, so the resolver
retries the query
** Reply to message from ed [EMAIL PROTECTED] on Thu, 6 Oct 2005
22:15:25 +0100
On Thu, 6 Oct 2005 15:49:02 -0400
Dave Anderson [EMAIL PROTECTED] wrote:
That's not quite the whole story: 53/tcp is also used when the
response to a query is too big for a single UDP packet (the resolver
sends a
On Thu, 6 Oct 2005 15:07:23 -0500
eric [EMAIL PROTECTED] wrote:
On Thu, 2005-10-06 at 14:04:20 +0100, ed proclaimed...
I use TinyDNS here, so we don't really need to transfer zones as it's
handled with a single data file. CARP can be good with DNS.
53/tcp *is* required to answer normal
On Thu, 2005-10-06 at 22:15:52 +0100, ed proclaimed...
TCP for DNS lookups is probably going to incur latency. I'd rather
just block that off and ensure that the DNS being provided does not leak
excess 512 bytes. This might cause some problems with huge round robin
lists, but we can all