Re: MX Record Theories

[Mark Andrews <marka () isc org>]

In message <c3de0a330905280804t56ca87dapd94281399202a48 () mail gmail com>, Bobby Mac writes:
> Not entirely on subject but....  I thought that allowing DNS queries to
> occur via TCP is mission critical for simple mail routing.  We ran across
> this back in the day at @Home Network.  Firewall rules were changed to not
> allow port 53 TCP.  This severely affected sending mail to large
> distribution lists.  Here is what we found and forgive me if I don't go into
> too much detail as it was almost 10 years a go.

        As I said, sites just don't do this as it causes serious
        problems.  Sites that disable TCP/53 outbound just end up
        re-enabling it.  Nameservers and stub resolvers automatically
        retry with TCP and the client applications just don't get
        answers returned when you start blocking TCP/53 outbound.
        It doesn't take long for said stupidity to be reversed.
 
> If you add enough recipients to an email, each domain within the send line
> needs to have an associated MX record.  DNS by default starts with UDP which
> has a limit to the datagram size (64bit). A flag is placed in the
> header which then requires the request to be sent via TCP (160bit V4).  Now
> that single query can be split up into many different packets providing that
> the request is more than the 160 bit and obviously IPV6 offers even more
> information contained in a single packet.

        The number of recipients has no impact on the size of the
        DNS responses.  It will have a impact on the number of DNS
        queries made iff the receipents are in multiple mail domains.

        Mark
 
> -BobbyJim
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org