Date:      Mon, 29 Dec 2003 01:02:48 +0100
From:      Łukasz Bromirski <>
Subject:   Re: need testers for a ipfw rule generation script!
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <>

Boris Staeblow wrote:

> > DNS can also be TCP.
> > (noted by a colleague who seemed to have a closer look at it).
> Under which circumstances is a DNS TCP connection needed?
> (I've never used a DNS TCP rule before - without any problem)

When the reply can't be inserted into a single UDP datagram - about
64K for systems going per RFC, and about 8K for old, very
strange implementations. 64K is quite a large space for most
queries, but I've, for example, seen bind 9 making a TCP
connection when asked for a zone xfer that would exceed 512 bytes.

It's safe to let tcp/udp 53 get in.

Łukasz Bromirski                   
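
The case discussed in this thread, as an added example that is not part of the original message: a resolver learns that a reply did not fit in UDP from the TC (truncated) bit in the DNS header (RFC 1035) and retries over TCP, which fails when the firewall passes only udp/53. The header bytes, function names and the `tcp53_allowed` switch are constructed for illustration.

```python
import struct

QR, TC = 0x8000, 0x0200   # response flag and truncation flag in the DNS header

def build_reply_header(txid, truncated):
    """Constructed 12-byte DNS reply header (sample data, no record body)."""
    flags = QR | 0x0100 | 0x0080          # response, RD, RA
    if truncated:
        flags |= TC                       # server could not fit the answer in UDP
    ancount = 0 if truncated else 1
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def parse_header(msg):
    """Return (id, flags) from a DNS message, rejecting short input."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    txid, flags = struct.unpack("!HH", msg[:4])
    return txid, flags

def needs_tcp_retry(udp_reply, expected_id):
    """True when the UDP reply carries TC=1 and must be re-asked over TCP."""
    txid, flags = parse_header(udp_reply)
    if not flags & QR or txid != expected_id:
        raise ValueError("not a reply to our query")
    return bool(flags & TC)

def lookup_outcome(udp_reply, expected_id, tcp53_allowed):
    """Model what the client sees for a given firewall policy (assumed switch)."""
    if not needs_tcp_retry(udp_reply, expected_id):
        return "answered over udp/53"
    if tcp53_allowed:
        return "truncated, answered over tcp/53"
    return "truncated, retry blocked: lookup fails"

if __name__ == "__main__":
    for truncated in (False, True):
        for allowed in (True, False):
            reply = build_reply_header(0x1A2B, truncated)
            print(truncated, allowed, lookup_outcome(reply, 0x1A2B, allowed))
```

A rule set that passes only udp/53 works until the first truncated reply, which is why such a gap can go unnoticed for a long time.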
