[105165] in North American Network Operators' Group


Re: DNS problems to RoadRunner - tcp vs udp

daemon@ATHENA.MIT.EDU (Kevin Oberman)
Fri Jun 13 14:27:13 2008

To: Jon.Kibler@aset.com
In-Reply-To: Your message of "Fri, 13 Jun 2008 14:14:55 EDT."
	<4852B91F.8090205@aset.com> 
Date: Fri, 13 Jun 2008 11:26:28 -0700
From: "Kevin Oberman" <oberman@es.net>
X-To: Jon.Kibler@aset.com
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org


> Date: Fri, 13 Jun 2008 14:14:55 -0400
> From: Jon Kibler <Jon.Kibler@aset.com>
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Mark Price wrote:
> <SNIP>
> > From what I have read, public DNS servers should support both UDP and
> > TCP queries.  TCP queries are often used when a UDP query fails, or if
> > the answer is over a certain length.
> > 
> 
> UDP is used for queries.

Sometimes.

> TCP is used for zone transfers.

Yes.
 
> If my server responded to TCP queries from anyone other than a secondary
> server, I would be VERY concerned.

If it does not, you should be very concerned. The RFCs (several, but
I'll point first to good old 1122) allow either TCP or UDP to be used
for any operation that will fit in a 512 byte transfer. (EDNS0 allows
larger UDP.) 

TCP is to be used any time a truncated bit is set in a reply. If you
ever send a large reply that won't fit in 512 bytes, the request will
be repeated using a TCP connection. If you ignore these, your DNS is
broken. It is even allowed under the spec to start out with TCP, as AXFR
queries typically do.

Yes, I realize that this is fairly common and it does not break much,
but, should DNSSEC catch on, you might just find the breakage a bit
worse than it is today and there is no reason to have even the slight
breakage that is there now.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


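The UDP-first, retry-over-TCP-on-TC behaviour Kevin describes, written out as an added example that is not part of the thread: a minimal query builder, a TC-bit check, the RFC 1035 fallback logic, and a real TCP/53 sender you can point at your own server to see whether it drops TCP. The transports named `fake_udp` and `fake_tcp` are constructed stand-ins so the block runs offline.

```python
import socket
import struct

DNS_FLAG_QR = 0x8000  # header flag: message is a response
DNS_FLAG_TC = 0x0200  # header flag: reply was truncated, client should retry over TCP

def build_query(name, qtype=1, txid=0x1234):
    """Minimal query: QDCOUNT=1, RD set, no EDNS0, so the 512-byte UDP limit applies."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    """True when the TC bit is set in the 12-byte header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    return bool(struct.unpack("!H", msg[2:4])[0] & DNS_FLAG_TC)

def resolve(query, udp_send, tcp_send):
    """RFC 1035 client behaviour: ask over UDP; if TC is set, repeat the same query over TCP.
    TCP DNS messages carry a 2-byte big-endian length prefix. Returns (reply, transport)."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return reply, "udp"
    tcp_reply = tcp_send(struct.pack("!H", len(query)) + query)
    length = struct.unpack("!H", tcp_reply[:2])[0]
    return tcp_reply[2:2 + length], "tcp"

def tcp_transport(server, timeout=3.0):
    """Real TCP/53 sender for checking your own server; a server that drops TCP times out here."""
    def send(framed):
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(framed)
            f = s.makefile("rb")
            hdr = f.read(2)
            return hdr + f.read(struct.unpack("!H", hdr)[0])
    return send

# Constructed offline stand-ins (not a real server): UDP answers with TC set, TCP answers in full.
def fake_reply(query, truncated):
    txid = struct.unpack("!H", query[:2])[0]
    flags = DNS_FLAG_QR | (DNS_FLAG_TC if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]

fake_udp = lambda q: fake_reply(q, truncated=True)
fake_tcp = lambda framed: struct.pack("!H", len(framed) - 2) + fake_reply(framed[2:], truncated=False)
```

Against a live server, `resolve(build_query("example.com"), <your udp sender>, tcp_transport("ns.example"))` raising a socket timeout on the TCP leg is the "broken DNS" case in the mail.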
