ietf-mxcomp

Re: record size and wild cards, was change of version string

2004-08-10 21:19:51


On Aug 10, 2004, at 10:56 PM, Rand Wacker wrote:

On Tue, 10 Aug 2004, David Blacka wrote:

It is more credible for me to believe that there is DNS software that won't fall back to TCP, or that there are some that don't actually allocate 64k (the actual maximum) of space for receiving a message.

The issue is more operational; there will be quite a bit of resistance by site security admins to open up TCP port 53 for queries of that size, and even more resistance by sites that receive A LOT of mail to accept the possibility of making outbound TCP queries for a large number of incoming messages.

I'm not sure what you are arguing about, here. I was merely expressing incredulity that a bug of a particular nature would exist, but, I suppose I will have to take John's word for it. I am still trying to imagine *how* this bug could have been written, but I suppose that is really just a lack of imagination on my part.

Seriously, falling back to TCP is how DNS works. Firewalls can block it, software cannot support it, clients can refuse to do it, but, in doing so, they must accept the responsibility that some of their DNS queries/responses will not work.

All we can do is recognize that operational constraints exist and suggest that folks do not publish overly large RR sets, which we appear to be doing.

--
David Blacka    <davidb(_at_)verisignlabs(_dot_)com>
Sr. Engineer    Verisign Applied Research
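The mechanics the thread is arguing over (a TXT RRset that outgrows the 512-byte UDP payload of classic DNS, the server setting the TC bit, and the resolver's decision to retry over TCP port 53) are shown below as an added worked example; this is not code from the list thread or from any of the posters. The names, record contents and message ID are constructed, there is no name compression and no EDNS0, and the server-side truncation is simplified to "header plus question only" (a real server may keep as many whole RRs as fit, as RFC 2181 section 9 discusses).

```python
"""
Wire-size check for a DNS TXT RRset and the TC-bit / TCP-fallback decision.
Constructed example for illustration; not from the ietf-mxcomp thread.
"""
import struct

# RFC 1035 limit for a DNS message carried over UDP without EDNS0.
MAX_UDP_PAYLOAD = 512
QTYPE_TXT, QCLASS_IN = 16, 1
FLAG_QR, FLAG_AA, FLAG_TC = 0x8000, 0x0400, 0x0200


def encode_name(name):
    """Encode a domain name as uncompressed DNS labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_txt_rdata(text):
    """TXT RDATA is a sequence of <character-string>s of at most 255 bytes each."""
    data = text.encode("ascii")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)


def build_txt_response(qname, txt_records, ttl=3600, msg_id=0x1234):
    """Authoritative answer carrying every TXT record for qname (no name compression)."""
    owner = encode_name(qname)
    header = struct.pack("!HHHHHH", msg_id, FLAG_QR | FLAG_AA,
                         1, len(txt_records), 0, 0)          # QDCOUNT=1, ANCOUNT=n
    question = owner + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)
    answers = b""
    for text in txt_records:
        rdata = encode_txt_rdata(text)
        answers += owner + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN,
                                       ttl, len(rdata)) + rdata
    return header + question + answers


def question_section_end(msg):
    """Offset just past the question section of a single-question, uncompressed message."""
    pos = 12                      # skip the fixed 12-byte header
    while msg[pos] != 0:          # walk the labels of QNAME
        pos += 1 + msg[pos]
    return pos + 1 + 4            # root label terminator + QTYPE + QCLASS


def udp_reply(full_msg, limit=MAX_UDP_PAYLOAD):
    """Server side: send the message if it fits the UDP limit, otherwise set TC and
    return only header + question (simplified; real servers may keep whole RRs that fit)."""
    if len(full_msg) <= limit:
        return full_msg
    msg_id, flags = struct.unpack("!HH", full_msg[:4])
    header = struct.pack("!HHHHHH", msg_id, flags | FLAG_TC, 1, 0, 0, 0)
    return header + full_msg[12:question_section_end(full_msg)]


def needs_tcp_fallback(reply):
    """Resolver side: a set TC bit means the UDP answer is incomplete and the
    query must be repeated over TCP port 53 to get the full RRset."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & FLAG_TC)


if __name__ == "__main__":
    small = build_txt_response("example.com", ["v=spf1 ip4:192.0.2.0/24 -all"])
    big = build_txt_response("example.com", ["x" * 200] * 5)   # constructed oversized RRset
    for label, msg in (("small", small), ("big", big)):
        reply = udp_reply(msg)
        print("%s RRset: %d bytes on the wire, %d bytes delivered over UDP, "
              "TCP fallback needed: %s"
              % (label, len(msg), len(reply), needs_tcp_fallback(reply)))
```

Running it shows the two sides of the thread's disagreement in numbers: a single SPF-sized TXT record answers in 81 bytes and never touches TCP, while five 200-byte TXT records produce a 1149-byte message that a classic UDP server can only deliver as a 29-byte truncated reply, so every resolver that wants the records must be able to open TCP/53 (where the message is carried with a 2-byte length prefix and may reach the 64k maximum mentioned above). Publishing the RRset small enough that `len(msg) <= MAX_UDP_PAYLOAD` holds is the operational advice the message ends on.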