[98534] in North American Network Operators' Group
Re: large organization nameservers sending icmp packets to dns
daemon@ATHENA.MIT.EDU (John Kristoff)
Fri Aug 10 22:56:15 2007
Date: Fri, 10 Aug 2007 21:55:16 -0500
From: John Kristoff <jtk@ultradns.net>
To: nanog@merit.edu
In-Reply-To: <F04AFCFF-DDA1-4D55-BDEA-7D1CE90D46ED@mail-abuse.org>
Errors-To: owner-nanog@merit.edu
On Fri, 10 Aug 2007 16:11:04 -0700
Douglas Otis <dotis@mail-abuse.org> wrote:
> TCP offers a means to escape UDP related issues. On the other hand,
> blocking TCP may offer the necessary motivation for having these UDP
> issues fixed. After all, only UDP should be required. When TCP is
> designed to readily fail, reliance upon TCP seems questionable. As
> DNSSEC is introduced, TCP could be relied upon in the growing number
> of instances where UDP is improperly handled.

As a datapoint I ran some tests against a reasonably diverse and
sizeable TLD zone I work with in another forum. I queried the name
servers listed in the parent to see if I could successfully query
them for their corresponding domain name they are configured for
using TCP. Out of about 9,300 unique name servers I failed to
receive any answer from about 1700 of them. That is a bit more
than an 18% failure rate.
John
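
A sketch of the kind of TCP reachability check described in the message above. This is an added example, not John Kristoff's script: the function names, the NS query type, the fixed transaction id and the timeout are assumptions, and any well-formed response (whatever its RCODE) counts as an answer.

```python
import socket
import struct

def build_query(qname, qtype=2, txid=0x1234):
    """Build a DNS query (RFC 1035); qtype 2 is NS, recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return buf

def exchange(sock, query):
    """Send one query on a connected socket using the 2-byte length prefix."""
    sock.sendall(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def is_response_to(query, reply):
    """True if reply has a full header, our transaction id and the QR bit."""
    return (len(reply) >= 12 and reply[:2] == query[:2]
            and bool(reply[2] & 0x80))

def probe_tcp(server, qname, port=53, timeout=5.0):
    """True if the server answers a query for qname over TCP, else False."""
    query = build_query(qname)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            return is_response_to(query, exchange(s, query))
    except OSError:  # refused, timed out, reset, or closed early
        return False

def failure_rate(results):
    """Fraction of probes that failed; results maps server -> bool."""
    return sum(not ok for ok in results.values()) / len(results)
```

Calling `probe_tcp` for each (name server, delegated domain) pair taken from the parent zone and passing the collected results to `failure_rate` gives the kind of figure quoted in the message.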