North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: large organization nameservers sending icmp packets to dns servers.
On Fri, 10 Aug 2007 16:11:04 -0700 Douglas Otis <[email protected]> wrote: > TCP offers a means to escape UDP related issues. On the other hand, > blocking TCP may offer the necessary motivation for having these UDP > issues fixed. After all, only UDP should be required. When TCP is > designed to readily fail, reliance upon TCP seems questionable. As > DNSSEC in introduced, TCP could be relied upon in the growing number > of instances where UDP is improperly handled. As a datapoint I ran some tests against a reasonably diverse and sizeable TLD zone I work with in another forum. I queried the name servers listed in the parent to see if I could successfuly query them for their corresponding domain name they are configured for using TCP. Out of about 9,300 unique name servers I failed to receive any answer from about 1700 of them. That is a bit more than an 18% failure rate. John
|