 From:  Michael Sierchio <kudzu at tenebras dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Are TCP DNS queries possible?
 Date:  Tue, 13 Sep 2005 15:35:37 -0700
Steve Yates wrote:

> http://support.microsoft.com/default.aspx?scid=kb;en-us;263237
> That's for Windows/Exchange 2000.  It doesn't say it will fall back
> though, it says, "Request for Comments (RFC) 883 and the later RFCs
> prescribe that DNS servers be able to accept both TCP virtual circuits
> and UDP."

UDP is not acceptable for zone transfers, but is the recommended method
for standard queries in the Internet.

	- RFC 1035 (Internet Standard)

DNS over TCP is slower than UDP, inherently more vulnerable to DoS,
and isn't necessary unless you need to return records greater than
512 bytes (which would result in a truncated reply via UDP) -- which
is almost always a mistake.  Or to permit zone transfers.

The reason Microsoft does things in a non-standard way is...
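As an added illustration (this is not code from the original post, from m0n0wall, or from Microsoft), here is a self-contained Python script showing the mechanics the message refers to: a standard query sent over UDP, the server truncating the reply and setting the TC bit once it would exceed the 512-byte UDP limit of RFC 1035, and the client retrying over TCP, where each message is prefixed with a two-byte length. The server side is a constructed in-process stand-in (`FakeServer`) so the example runs offline; a real resolver would use `socket.sendto`/`recvfrom` for the UDP leg and `socket.create_connection` for the TCP retry, which are omitted here. The names, record contents and transaction ID are assumptions chosen for the example.

```python
"""Constructed example: UDP DNS query, TC-bit detection and TCP retry, offline."""
import struct

QTYPE_TXT = 16
QCLASS_IN = 1
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # response was truncated
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available
UDP_MAX = 512      # RFC 1035 UDP payload limit (no EDNS0 in this example)


def encode_name(name):
    """Dotted name -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid):
    """12-byte header (QDCOUNT=1, RD set) followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "tc": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def tcp_frame(msg):
    """DNS over TCP: every message is preceded by a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS/TCP message exceeds 65535 bytes")
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    """Split a TCP byte stream into complete messages; returns (messages, leftover)."""
    msgs = []
    while len(stream) >= 2:
        n = struct.unpack("!H", stream[:2])[0]
        if len(stream) < 2 + n:
            break                       # partial message, wait for more bytes
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream


def txt_rr(text):
    """One TXT RR whose owner is a compression pointer (0xC00C) to the question name."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    return b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, 300, len(rdata)) + rdata


class FakeServer:
    """Constructed stand-in for a name server; answers with TXT records only."""
    def __init__(self, records):
        self.records = records

    def answer(self, query, transport):
        q = parse_header(query)
        question = query[12:]           # echo the question section unchanged
        flags, body, count = FLAG_QR | FLAG_RD | FLAG_RA, b"", 0
        for rr in (txt_rr(t) for t in self.records):
            if transport == "udp" and 12 + len(question) + len(body) + len(rr) > UDP_MAX:
                flags |= FLAG_TC        # reply would exceed 512 bytes: truncate
                break
            body += rr
            count += 1
        msg = struct.pack("!HHHHHH", q["id"], flags, 1, count, 0, 0) + question + body
        return msg if transport == "udp" else tcp_frame(msg)


def resolve(name, qtype, server, txid=0x1234):
    """UDP first; on TC=1 retry over TCP. Returns (transport, ancount, reply_len)."""
    query = build_query(name, qtype, txid)
    reply = server.answer(query, "udp")
    h = parse_header(reply)
    if h["id"] != txid:
        raise ValueError("transaction ID mismatch on UDP reply")
    if not h["tc"]:
        return "udp", h["ancount"], len(reply)
    msgs, leftover = tcp_unframe(server.answer(query, "tcp"))
    if len(msgs) != 1 or leftover:
        raise ValueError("expected exactly one framed DNS/TCP message")
    h = parse_header(msgs[0])
    if h["id"] != txid or h["tc"]:
        raise ValueError("bad TCP reply")
    return "tcp", h["ancount"], len(msgs[0])


if __name__ == "__main__":
    big = FakeServer(["x" * 100] * 8)   # 8 x 113-byte RRs: 933-byte reply
    print(resolve("example.com", QTYPE_TXT, big))
    print(resolve("example.com", QTYPE_TXT, FakeServer(["hello"])))
```

The eight 100-byte TXT records produce a 933-byte answer, so over UDP the server can fit only four of them before the 512-byte limit and marks the reply truncated; the client then retries over TCP and receives all eight. A single short record is answered entirely over UDP, which is the common case the message describes.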