Date: Sun, 30 Jun 1996 13:44:44 -0600
From: Warner Losh <imp@village.org>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: nash@mcs.com, current@FreeBSD.ORG, nate@mt.sri.com
Subject: Re: Firewalling DNS TCP (was Re: IPFW bugs?)
Message-ID: <199606301944.NAA00922@rover.village.org>
In-Reply-To: Your message of Sun, 30 Jun 1996 00:51:43 +0200

: In practice, if you're sure no query can be of more than 512 bytes, then
: you can cut TCP/53. But IMO you don't gain that much.

There was a discussion in, I think, namedroppers (or was that comp.protocols.tcp-ip.domain) that concluded this is a *BAD* idea. If you have any large records, they will be truncated by this and could lead to bogus mail delivery (if the remote end doesn't properly detect the truncated bit). It really buys you nothing unless you and all of your secondaries do the same thing. You do have secondaries on multiple nets, right?

Warner
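
Added example, not part of the original message: a sketch of the truncation behaviour discussed above, showing a DNS reply that exceeds the 512-byte UDP limit and a client check of the TC (truncated) header bit. The server logic is a simplified stand-in, and the MX records, names and query IDs are constructed sample data.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message size limit (RFC 1035)
QR_BIT = 0x8000   # header flag: this message is a response
TC_BIT = 0x0200   # header flag: message was truncated

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def mx_rr(owner, preference, host, ttl=3600):
    """Build one MX resource record (TYPE 15, CLASS IN)."""
    rdata = struct.pack("!H", preference) + encode_name(host)
    return encode_name(owner) + struct.pack("!HHIH", 15, 1, ttl, len(rdata)) + rdata

def build_udp_response(qid, qname, rrs):
    """Simplified server: keep whole RRs that fit in 512 bytes, set TC if any are dropped."""
    question = encode_name(qname) + struct.pack("!HH", 15, 1)
    answers, kept = b"", 0
    for rr in rrs:
        if 12 + len(question) + len(answers) + len(rr) > UDP_LIMIT:
            break
        answers += rr
        kept += 1
    flags = QR_BIT | 0x0400 | (TC_BIT if kept < len(rrs) else 0)  # 0x0400 = AA
    return struct.pack("!HHHHHH", qid, flags, 1, kept, 0, 0) + question + answers

def next_action(udp_payload):
    """Client: decide what to do with a UDP reply; returns (action, answer_count)."""
    if len(udp_payload) < 12:
        return ("drop", 0)
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", udp_payload[:12])
    if not flags & QR_BIT:
        return ("drop", 0)
    if flags & TC_BIT:
        return ("retry_tcp", ancount)   # partial data: must not be used as the answer
    return ("use_answer", ancount)

# Constructed sample: 20 MX records for example.com, too many for one UDP message.
SAMPLE_MX = [mx_rr("example.com", i, f"mx{i:02d}.mail.example.com") for i in range(20)]

if __name__ == "__main__":
    reply = build_udp_response(0x1234, "example.com", SAMPLE_MX)
    print(len(reply), next_action(reply))
    print(next_action(build_udp_response(0x1235, "example.com", SAMPLE_MX[:3])))
```

With TCP/53 filtered, the "retry_tcp" step cannot complete, so a correct client fails the lookup, while a client that ignores the TC bit proceeds with only the 10 MX records that fit out of 20.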