North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: large organization nameservers sending icmp packets to dns servers.
> >> ... but a TCP connection will consume a > >> significant amount of a name server's resources. > > > > ...wrong. > > Wanting to understand this comment, ... the resources given a nameserver to TCP connections are tightly controlled, as described in RFC 1035 4.2.2. so while TCP/53 can become unreliable during high load, the problems will be felt by initiators not targets. (this is why important AXFR targets have to be firewalled down to a very small population of just one's own nameservers, and is why important zones have to use unpublished primary master servers, and is why f-root's open AXFR of the root zone is a diagnostic service not a production service.)