On Thu, 08 May 2003 22:36:16 +0200, Mathias Gerber <mathias_at_intergga.ch> said:
> AFAIK the DNS uses TCP for larger replys.
Back when the maximum usable MTU in the Arpanet was 584, the DNS protocol
basically said "Send the query as UDP, if reply is over 512 bytes long
server sends back 'too big', and retry the query as TCP".
RFC2671 specifies an extension mechanism for DNS (EDNS0), and even if you
don't use any other extensions provides a convenient way of saying "Use UDP
if the packet is under 1280 (or 4K, or whatever you specify)". This allows
the (hopeful) savings of a 3 packet handshake to set up a TCP session and
another several packets at FIN time.
However, just as with older firewalls that break RFC3168 ECN (explicit
congestion notification) because they don't like the use of previously
"reserved" bits in the TCP SYN packet, some gear doesn't like seeing the
RFC2671-format DNS queries and drop them on the floor...
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
Received on May 08 2003
Intro
