nanog mailing list archives
Re: Anycast 101
From: "Douglas K. Fischer" <fischerdk () fidoki com>
Date: Thu, 23 Dec 2004 13:14:51 -0500
Valdis.Kletnieks () vt edu wrote:
> On Thu, 16 Dec 2004 17:18:12 PST, Crist Clark said:
>
> > Into a UDP response. A resolver will receive the first 512 bytes of the truncated response and may then use TCP to get the complete response... unless there is a firewall blocking 53/tcp in the way. But how often does that happen?
>
> It happens *all* *the* *time* (probably just as often as sites that block all ICMP including 'frag needed' and wonder why PMTU Discovery breaks and connections hang). The *real* operational problem is that almost 100% of the time that there's a firewall blocking 53/tcp, the person running the firewall is (a) unaware that it's blocking it and (b) doesn't even realize that DNS *can* use TCP.... Quite often, there's even a "(c) they don't even know they have a firewall" just to make things really interesting.

One of the most common misconceptions I've encountered and had heated debates over with some would-be admins is the belief that the only "proper" use of 53/tcp for DNS is for zone transfers. For that reason they explicitly block 53/tcp in their firewalls. Same thing with that good old misconception that all forms of ICMP are evil and should be blocked.
Doug

--*--
Life would be so much easier if we only had the source code... -Anonymous
--*--
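
Added example, not part of the original message or thread: a Python check an operator could run from inside a network to see whether the TCP retry that follows a truncated UDP answer actually gets through to a given server. The function names, the status strings and the choice of a TXT query are assumptions made for this sketch; the server and the name to query are supplied on the command line, and the UDP leg is IPv4 only.

```python
import socket
import struct
import sys

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word

def build_query(name, qtype=16, qid=0x1234):
    """Minimal DNS query (RD set, class IN). qtype 16 = TXT."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the TC bit is set, i.e. the resolver is expected to retry over TCP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_BIT)

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def check_tcp_fallback(server, name, qtype=16, port=53, timeout=3.0):
    """Classify the path to `server`: does a truncated answer survive the TCP retry?"""
    query = build_query(name, qtype)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(query, (server, port))
            reply, _ = udp.recvfrom(512)  # classic non-EDNS UDP limit
    except OSError:
        return "udp-no-response"
    if not is_truncated(reply):
        return "udp-complete"  # pick a name with a larger answer to exercise TCP
    try:
        with socket.create_connection((server, port), timeout=timeout) as tcp:
            tcp.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            (length,) = struct.unpack("!H", recv_exact(tcp, 2))
            recv_exact(tcp, length)
        return "tcp-ok"
    except OSError:
        return "tcp-blocked-or-unreachable"  # the failure described in the thread

if __name__ == "__main__" and len(sys.argv) == 3:
    print(check_tcp_fallback(sys.argv[1], sys.argv[2]))
```

A result of `udp-complete` says nothing about 53/tcp; the check is only meaningful for a name whose answer does not fit in 512 bytes.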