ietf-smtp

Re: [ietf-smtp] SMTP Retrying/Sending Strategy on 452 / 4.5.3

2019-02-13 15:11:47
Nobody that is sane blocks TCP from or to recursive servers.  Those that
argue for blocking DNS/TCP usually do so in the context of authoritative 
servers.
Even there it is "Gun, Foot, Shoot" territory.  There are lots of ways TCP is
used in DNS today when answering ordinary queries (not zone transfers).

* answers don’t fit -> TC=1.
* referral doesn’t fit -> TC=1.
* anti-spoofing setting TC=1.
* client recovery from multiple BADCOOKIE responses.

If you have a DNSSEC signed zone you will almost certainly be getting some
TCP traffic.

Too many times I have seen authoritative servers send back TC=1 only to be
blocked by a firewall.  Friends don’t let friends block DNS queries with
firewalls.

Mark

On 14 Feb 2019, at 6:53 am, valdis(_dot_)kletnieks(_at_)vt(_dot_)edu wrote:

On Wed, 13 Feb 2019 12:22:09 +0000, Дилян Палаузов said:

Is publishing 1024 distinct IPv6 addresses for MX on a domain a good idea

Only if you're *really* sure that everybody who wants to talk to you supports
at least EDNS0 and doesn't block tcp/53 :)


_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka(_at_)isc(_dot_)org
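
Added example, not part of the original message or of any ISC code: a sketch of the "answers don't fit -> TC=1" case for the 1024-AAAA question quoted above, showing what a resolver gets with and without tcp/53. The host name, addresses, TTL, the 1232/4096 EDNS0 sizes and all function names are assumptions, and the OPT record itself is left out of the size calculation.

```python
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200   # DNS header flag bits
TYPE_AAAA, CLASS_IN = 28, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, n_aaaa, payload_limit):
    """Wire-format answer carrying n_aaaa AAAA records, or TC=1 if too big."""
    question = encode_name(qname) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)
    rrs = []
    for i in range(n_aaaa):
        # Constructed addresses in the 2001:db8::/32 documentation prefix.
        addr = bytes.fromhex("20010db8") + bytes(10) + struct.pack("!H", i)
        # 0xC00C is a compression pointer to the owner name at offset 12.
        rrs.append(struct.pack("!HHHIH", 0xC00C, TYPE_AAAA, CLASS_IN, 300, 16) + addr)
    flags = QR | AA
    if 12 + len(question) + 28 * len(rrs) > payload_limit:
        # The RRset does not fit: this sketch drops it and sets TC=1.
        flags, rrs = flags | TC, []
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(rrs), 0, 0)
    return header + question + b"".join(rrs)

def is_truncated(msg):
    """Client side: read the TC bit from the 16-bit flags word."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC)

def resolve(qname, n_aaaa, udp_limit, tcp_allowed):
    """Return the transport that delivered the full RRset, or 'fail'."""
    if not is_truncated(build_response(qname, n_aaaa, udp_limit)):
        return "udp"
    if not tcp_allowed:
        return "fail"          # TC=1 seen, but the firewall drops tcp/53
    over_tcp = build_response(qname, n_aaaa, 65535)  # TCP length prefix is 16 bits
    return "fail" if is_truncated(over_tcp) else "tcp"

if __name__ == "__main__":
    for limit in (512, 1232, 4096):   # no EDNS0, then two assumed EDNS0 sizes
        for tcp in (True, False):
            print(limit, tcp, resolve("mx.example.com", 1024, limit, tcp))
```

With these constructed records the full answer is about 28 KB, so every UDP limit tried ends in TC=1 and the lookup only succeeds where TCP is allowed.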
