RFC 6891 states that it uses TCP to avoid truncated UDP responses. It is all about packet size, fragmentation and network load.
EDNS(0) specifies a way to advertise additional features such as larger response size capability, which is intended to help avoid truncated UDP responses, which in turn cause retry over TCP. It therefore provides support for transporting these larger packet sizes without needing to resort to TCP for transport. Announcing UDP buffer sizes that are too small may result in fallback to TCP with a corresponding load impact on DNS servers. This is especially important with DNSSEC, where answers are much larger.

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Roberto Carna
Sent: Monday, February 4, 2019 4:46 PM
To: ML BIND Users <bind-users@lists.isc.org>
Subject: DNS Flag Day: I had to open the TCP/53 port

Dear,

I have a BIND 9.10 public server and I have delegated some public domains. When I test these domains with the EDNS tool offered on the DNS Flag Day webpage, the test failed with just the UDP/53 port opened to the Internet. After that, when I also opened the TCP/53 port, the test was successful.

Please can you explain to me the reason I have to open the TCP/53 port to the Internet from February 1st onwards???

Really thanks, regards.
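A toy model of the behaviour the replies describe (advertised EDNS(0) UDP payload size, truncation, retry over TCP), added here as an illustration; it is not code from the thread or from BIND. It builds a query carrying an RFC 6891 OPT record, parses the advertised size the way a server would, and simulates a server that sets TC when the caller's answer size would not fit; the query name and answer sizes are constructed inputs.

```python
import struct
QTYPE_A, QTYPE_OPT, CLASS_IN = 1, 41, 1
TC_FLAG, DEFAULT_UDP_SIZE = 0x0200, 512  # TC bit in header flags; limit assumed without an OPT RR

def encode_name(name):
    """Encode a dotted name as DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, udp_payload_size):
    """A-record query plus an EDNS(0) OPT pseudo-RR advertising udp_payload_size."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, CLASS_IN)
    # OPT RR (RFC 6891): root name, TYPE 41, CLASS field = requestor's UDP payload
    # size, TTL field = extended RCODE/version/flags, RDLENGTH 0 (no options).
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, udp_payload_size, 0, 0)
    return header + question + opt

def advertised_udp_size(msg):
    """UDP payload size advertised by a message's OPT RR (512 if it has none)."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for i in range(qdcount + ancount + nscount + arcount):
        while True:                    # skip the owner name
            length = msg[pos]
            if length & 0xC0 == 0xC0:  # compression pointer ends the name
                pos += 2
                break
            pos += 1 + length
            if length == 0:
                break
        if i < qdcount:                # question entry: TYPE + CLASS only
            pos += 4
            continue
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == QTYPE_OPT:
            return max(rclass, DEFAULT_UDP_SIZE)  # RFC 6891: values below 512 count as 512
    return DEFAULT_UDP_SIZE

def udp_response(query, answer_len):
    """Toy server: an answer that won't fit the advertised size goes back with TC=1."""
    flags = 0x8000 | (TC_FLAG if answer_len > advertised_udp_size(query) else 0)
    return query[:2] + struct.pack("!H", flags)  # just the header bytes this demo needs

def transport_used(qname, udp_payload_size, answer_len):
    """Resolver: send over UDP first; retry over TCP only if the reply was truncated."""
    resp = udp_response(build_query(qname, udp_payload_size), answer_len)
    return "tcp" if struct.unpack("!H", resp[2:4])[0] & TC_FLAG else "udp"
```

With a DNSSEC-sized answer of, say, 1400 bytes, a 512-byte advertisement forces the TCP retry while a 4096-byte one keeps the exchange on UDP; a server that cannot be reached on TCP/53 leaves the first case with no answer at all.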