Hi,
On Thu, 15 Dec 2005, Daniel Lorch wrote:
> Hi
>
> > Besides AXFRs, as stated by the RFC, there may be perfectly valid reasons for DNS over TCP, for example when answers exceed 512 bytes. As for AXFRs from unwanted sources, you can filter them with bind ACLs, as explained in another post.
>
> How does a client know in advance whether the DNS answer will exceed 512 bytes? Just curious.
Indeed, the client has no way to know in advance. When it happens, the server returns an answer with the truncated (TC) bit set. The client then retries over TCP.
- yann
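The UDP-then-TCP fallback described in the reply above, worked through as an added example (not code from the original thread or from BIND). It builds a minimal DNS query, parses the header flags, and retries over TCP with the RFC 1035 two-byte length prefix whenever the UDP reply comes back with TC set. The server is a constructed stand-in (`FakeAuthoritativeServer`) that holds an A RRset and truncates over UDP exactly when the full message would exceed 512 bytes; the names `build_query`, `parse_header`, `tcp_frame` and `resolve` are this example's own, not a real resolver API.

```python
import struct

MAX_UDP_PAYLOAD = 512      # RFC 1035 limit for DNS over UDP (without EDNS0)
FLAG_QR = 0x8000           # message is a response
FLAG_TC = 0x0200           # response was truncated
FLAG_RD = 0x0100           # recursion desired
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, qname, qtype=TYPE_A):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg):
    """Decode the fields a client needs to decide what to do with a reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def tcp_frame(msg):
    """RFC 1035 4.2.2: over TCP every message is prefixed with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


class FakeAuthoritativeServer:
    """Constructed stand-in for a name server; `addresses` is the A RRset it serves."""

    def __init__(self, addresses):
        self.addresses = addresses

    def full_response(self, query):
        (txid,) = struct.unpack("!H", query[:2])
        question = query[12:]
        header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD, 1, len(self.addresses), 0, 0)
        answers = b""
        for ip in self.addresses:
            # 0xC00C is a compression pointer to the owner name at offset 12 (the question)
            answers += struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4)
            answers += bytes(int(octet) for octet in ip.split("."))
        return header + question + answers

    def udp(self, query):
        full = self.full_response(query)
        if len(full) <= MAX_UDP_PAYLOAD:
            return full
        # Too large for UDP: answer with TC set and no answer records,
        # so the client learns only now that it must switch to TCP.
        (txid,) = struct.unpack("!H", query[:2])
        header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0)
        return header + query[12:]

    def tcp(self, framed_query):
        return tcp_frame(self.full_response(tcp_unframe(framed_query)))


def resolve(qname, server, txid=0x1234):
    """Query over UDP first; on a truncated reply discard it and retry over TCP.

    Returns (reply_message, transport_used)."""
    query = build_query(txid, qname)
    reply = server.udp(query)
    hdr = parse_header(reply)
    if hdr["id"] != txid or not hdr["qr"]:
        raise ValueError("reply does not match our query")
    if not hdr["tc"]:
        return reply, "udp"
    # A truncated reply must not be used as data; re-ask over TCP for the full message.
    reply = tcp_unframe(server.tcp(tcp_frame(query)))
    hdr = parse_header(reply)
    if hdr["id"] != txid or not hdr["qr"] or hdr["tc"]:
        raise ValueError("TCP reply is invalid or still truncated")
    return reply, "tcp"


if __name__ == "__main__":
    small = FakeAuthoritativeServer(["192.0.2.1", "192.0.2.2"])
    big = FakeAuthoritativeServer(["192.0.2.%d" % i for i in range(1, 41)])
    for name, srv in (("small.example.com", small), ("big.example.com", big)):
        msg, transport = resolve(name, srv)
        print(name, transport, len(msg), "bytes,", parse_header(msg)["ancount"], "answers")
```

The practical consequence for the filtering discussion earlier in the thread: a firewall rule that drops TCP/53 to stop zone transfers also breaks this fallback for any ordinary answer over 512 bytes (the `big` case above), so AXFR should be restricted with the server's ACLs rather than by blocking the transport.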