Hi
Besides AXFRs, as stated by the RFC, there may be perfectly valid reasons for DNS over TCP, for example when answers exceed 512 bytes. As for AXFRs from unwanted sources, you can filter them with bind ACLs, as explained in another post.
How does a client know in advance whether the DNS answer will exceed 512 bytes? Just curious.
If "DNS over TCP" is a requirement, then I'm going to move axfrdns to another IP and run "DNS over TCP" on the nameserver's IP. An official statement from Switch on what exactly is required would be nice :)
Daniel
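The mechanism behind the 512-byte point discussed above, as an added example that is not part of this thread: a UDP reply that had to be cut to fit carries the TC (truncated) bit in its 12-byte header (RFC 1035), and that is what tells a client to repeat the query over TCP, where each message is prefixed with a 2-byte length. The packets below are constructed for illustration, not captured traffic.

```python
import struct

# DNS header flags word (RFC 1035 s4.1.1):
# QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(3) RCODE(4)
FLAG_QR = 0x8000
FLAG_TC = 0x0200
FLAG_RD = 0x0100
FLAG_RA = 0x0080

def build_header(msg_id, flags, qd=0, an=0, ns=0, ar=0):
    """Pack a 12-byte DNS header (constructed sample; no records follow)."""
    return struct.pack("!HHHHHH", msg_id, flags, qd, an, ns, ar)

def parse_header(msg):
    """Decode the header fields a client needs to decide what to do next."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": msg_id,
        "qr": bool(flags & FLAG_QR),
        "opcode": (flags >> 11) & 0xF,
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def needs_tcp_retry(udp_reply):
    """True when the server set TC: the UDP answer was cut at 512 bytes,
    so the client must ask again over TCP to get the complete response."""
    return parse_header(udp_reply)["tc"]

def frame_for_tcp(msg):
    """RFC 1035 s4.2.2: over TCP each message gets a 2-byte big-endian length prefix."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_from_tcp(stream):
    """Split a TCP byte stream into complete DNS messages; returns (messages, leftover)."""
    msgs = []
    while len(stream) >= 2:
        n = struct.unpack("!H", stream[:2])[0]
        if len(stream) < 2 + n:
            break  # partial message: wait for more bytes
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

# Constructed samples: a complete reply and one the server had to truncate.
FULL_REPLY = build_header(0x1234, FLAG_QR | FLAG_RD | FLAG_RA, qd=1, an=1)
TRUNCATED_REPLY = build_header(0x1234, FLAG_QR | FLAG_RD | FLAG_RA | FLAG_TC, qd=1, an=0)
```

A client therefore does not know in advance; it sends over UDP first and switches to TCP only when the reply comes back with TC set.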