regards
joe baptista
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
> Are there any configuration changes that can be made to BIND to force it to
> use TCP exclusively and never use UDP?
> Possible?
no.
--
Paul Vixie
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Ok - that's unfortunate - you're the expert here. If I restrict any UDP
traffic on port 53 will BIND fall back to TCP?
regards
joe baptista
if you think i'm the expert, then listen when i say, it's not unfortunate
that bind lacks this configuration option. such an option would belong on
http://failblog.org/.
> If I restrict any UDP traffic on port 53 will BIND fall back to TCP?
no. TCP is only required for zone transfers and after truncation on UDP.
every RDNS that ever tried 100% TCP failed spectacularly to achieve orbit.
I guess not, why?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"Where do you want to go to die?" [Microsoft]
> On 10.08.08 10:56, Joe Baptista wrote:
> > Are there any configuration changes that can be made to BIND to force it to
> > use TCP exclusively and never use UDP?
> > Possible?
>
> I guess not, why?
I'm guessing he's considering this as a better solution to the Kaminsky
attack.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
>> > Are there any configuration changes that can be made to BIND to force
>> > it to use TCP exclusively and never use UDP? Possible?
>>
>> I guess not, why?
>
> I'm guessing he's considering this as a better solution to the Kaminsky
> attack.
no one who has read RFC 1035 4.2.2 will think TCP/53 is a solution to anything
other than zone transfer or truncation, and anyone who does read it will have
to realize that TCP/53 only works because there's no current benefit to be had
in holding TCP/53's head underwater.
--
Paul Vixie
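
The UDP-first behaviour discussed in this thread, as an added example that is not part of any message above and is not BIND's code: a client keeps a UDP answer unless the TC (truncation) bit is set, and only then retries over TCP using the two-byte length framing of RFC 1035 4.2.2. The function names and the sample messages are constructed for illustration and nothing is sent on the network.

```python
import struct

TC_BIT = 0x0200  # TC flag in the header flags word (RFC 1035 4.1.1)

def build_query(qname, qid, qtype=1):
    """Minimal query: one question, class IN, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def choose_transport(udp_response, qid):
    """'udp' if the UDP answer is complete, 'tcp' if TC says to retry."""
    if len(udp_response) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags = struct.unpack("!HH", udp_response[:4])
    if rid != qid:
        raise ValueError("response ID does not match the query")
    return "tcp" if flags & TC_BIT else "udp"

def tcp_frame(msg):
    """RFC 1035 4.2.2: two-byte big-endian length, then the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Split a TCP byte stream into whole messages plus any partial tail."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + n:
            break  # message not fully received yet
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

# Constructed sample responses (header + echoed question, no records).
QUERY = build_query("example.com", 0x1234)
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(choose_transport(COMPLETE, 0x1234))   # no TC: keep the UDP answer
    print(choose_transport(TRUNCATED, 0x1234))  # TC set: retry over TCP
    print(tcp_frame(QUERY)[:2].hex())           # length prefix for the retry
```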