5 Feb 2002, 15:44
ACK, only an old BIND (below v8) is using 53 > 53 by default. Well, but what would you know about other resolvers, say those that come with tinydns or djbdns or whatever, or even M$ Windows? I am not saying
they do so, but it is not good to assume!
You need to allow nameservice requests from 1024 (and above) to 53 by using TCP. You do not need to use UDP. Still works without UDP.
You do. DNS only resorts to TCP when the answer is bigger than can be sent in a UDP packet. The majority of DNS requests are UDP requests. Also, TCP is used for the BIND way of doing zone transfers. I am told that djbdns uses rsync over ssh for zone transfers. I do not know much about that... as I do not use djbdns.
Noah.
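The UDP-to-TCP fallback discussed in this thread, as an added example that is not part of the original messages: a resolver sends the query over UDP, and only when the reply carries the TC (truncated) header bit does it repeat the same query over TCP with a 2-byte length prefix. All function names and the sample messages are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # header bit: message is a response
TC_FLAG = 0x0200  # header bit: answer was truncated to fit the UDP packet


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(message):
    """Extract the header fields a resolver checks on a UDP reply."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", message[:4])
    return {
        "id": txid,
        "response": bool(flags & QR_FLAG),
        "truncated": bool(flags & TC_FLAG),
    }


def next_transport(query, udp_reply):
    """Return 'done', 'retry-tcp' or 'drop' for a reply received over UDP."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["response"] or r["id"] != q["id"]:
        return "drop"  # not an answer to this query
    return "retry-tcp" if r["truncated"] else "done"


def tcp_frame(message):
    """DNS over TCP sends each message behind a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def constructed_reply(query, truncated, txid=None):
    """Constructed sample reply: echoes the question, sets TC on request."""
    if txid is None:
        txid = struct.unpack("!H", query[:2])[0]
    flags = QR_FLAG | 0x0180 | (TC_FLAG if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]
```

A filter that passes only one of the two protocols on port 53 breaks one branch of `next_transport`: without UDP the initial query never gets through, and without TCP every truncated answer is lost.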