Re: Anycast 101

• From: Valdis.Kletnieks
• Date: Fri Dec 17 12:06:18 2004

On Thu, 16 Dec 2004 17:18:12 PST, Crist Clark said:

> Into a UDP response. A resolver will recieve the first 512 bytes of the
> truncated response and may then use TCP to get the complete response...
> unless there is a firewall blocking 53/tcp in the way. But how often
> does that happpen?

You're new here, aren't you? ;)

It happens *all* *the* *time* (probably just as often as sites that block
all ICMP including 'frag needed' and wonder why PMTU Discovery breaks and
connections hang).

The *real* operational problem is that almost 100% of the time that there's
a firewall blocking 53/tcp, the person running the firewall is (a) unaware
that it's blocking it and (b) doesn't even realize that DNS *can* use TCP....

Quite often, there's even a "(c) they don't even know they have a firewall" just
to make things really interesting.

Attachment: pgp00036.pgp
Description: PGP signature

• Follow-Ups:
  • Re: Anycast 101 Douglas K. Fischer

• References:
  • Re: Anycast 101 Steven M. Bellovin
  • Re: Anycast 101 Crist Clark

• Prev by Date: Re: Anycast 101
• Next by Date: Re: Anycast 101
• Date Index
• Thread Index
• Author Index
• Historical