Guy Baconniere wrote:
When the query reaches the DNS of the ISP it will reply with a DNS TCP reply if minimal-responses is no (default on Bind9) or with a small UDP DNS reply if minimal-responses is yes.
I can't quite see how that would be correct. When a resolver issues a query with UDP, it will expect a reply (minimal or not) via UDP. Only if it does not get a useful answer via UDP will it change and try a TCP query.
I recommend that all ISPs use minimal-responses yes or equivalent on their DNS servers. This will save bandwidth and avoid DNS TCP replies being blocked by a firewall in the path.
When the client has issued a TCP query, any half-way decent firewall will know not to block the reply.
/Per
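The transport behaviour Per describes, as an added illustration that is not part of either poster's message: a resolver only retries over TCP when the UDP reply carries the TC (truncated) bit, and minimal-responses merely drops optional additional records, shrinking the UDP reply. All wire messages below are constructed inline (hypothetical names under example.test and documentation addresses), not captured from any real server.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def a_record(name, ip):
    """Resource record: NAME, TYPE A (1), CLASS IN (1), TTL 300, RDLENGTH 4, RDATA."""
    rdata = bytes(int(o) for o in ip.split("."))
    return encode_name(name) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata

def build_response(qname, answers, additional, tc=False):
    """Constructed response: QR=1, RD=1, RA=1, TC set only when asked for."""
    flags = 0x8180 | (0x0200 if tc else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, len(additional))
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    return header + question + b"".join(answers) + b"".join(additional)

def parse_header(msg):
    """Read the 12-byte header; TC is bit 9 of the flags word."""
    _ident, flags, _qd, an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"tc": bool(flags & 0x0200), "ancount": an, "arcount": ar, "size": len(msg)}

def needs_tcp_retry(udp_reply):
    """A resolver falls back to TCP only if the UDP reply was truncated."""
    return parse_header(udp_reply)["tc"]

# Constructed example data (hypothetical zone example.test, RFC 5737 addresses).
ANSWER = [a_record("www.example.test.", "192.0.2.10")]
EXTRA = [a_record("ns1.example.test.", "192.0.2.1"),
         a_record("ns2.example.test.", "192.0.2.2")]
FULL = build_response("www.example.test.", ANSWER, EXTRA)        # minimal-responses no
MINIMAL = build_response("www.example.test.", ANSWER, [])        # minimal-responses yes
TRUNCATED = build_response("www.example.test.", ANSWER, [], tc=True)

if __name__ == "__main__":
    for label, msg in (("full", FULL), ("minimal", MINIMAL), ("truncated", TRUNCATED)):
        h = parse_header(msg)
        print(f"{label:9} size={h['size']:3} arcount={h['arcount']} retry_over_tcp={needs_tcp_retry(msg)}")
```

Neither the full nor the minimal reply triggers a TCP retry; only a reply with TC=1 does, which is why a UDP query normally gets a UDP answer regardless of the minimal-responses setting.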