On Thu, 6 Oct 2005 15:07:23 -0500 eric <[EMAIL PROTECTED]> wrote:

> On Thu, 2005-10-06 at 14:04:20 +0100, ed proclaimed...
>
> > I use TinyDNS here, so we don't really need to transfer zones as it's
> > handled with a single data file. CARP can be good with DNS.
>
> 53/tcp *is* required to answer normal queries.

TCP for DNS lookups is probably going to incur latency. I'd rather just block that off and ensure that the DNS being provided does not leak excess > 512 bytes. This might cause some problems with huge round robin lists, but we can all use pf round robin at the level should we require a huge address list.

> Since you're drinking djb's koolaid, see
>
> <http://cr.yp.to/djbdns/tcp.html#why>
>
> 512-bytes uncommon or a "mistake"? I think not.

DJB woke a large portion of the world when he released djbdns, I'd not knock it, and it's pretty good advice at the above URL.

-- 
Regards, Ed http://www.usenix.org.uk
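
Added example (not part of the original thread): a Python check that builds round-robin A replies and reports when a reply no longer fits the 512-byte UDP limit discussed above, which is the point where clients would need 53/tcp. The name www.example.com, the 192.0.2.x addresses and all function names are assumptions made for illustration.

```python
import struct

UDP_LIMIT = 512    # classic DNS-over-UDP message size limit
TC_FLAG = 0x0200   # "truncated" bit in the header flags word


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_a_response(name, addrs, txid=0x1234, ttl=300):
    """Build the wire-format reply for a round-robin A record set."""
    flags = 0x8400  # QR=1 (response), AA=1 (authoritative)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer to the question name at offset 12.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answers


def needs_tcp(msg):
    """True if a client would have to retry this reply over 53/tcp."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return len(msg) > UDP_LIMIT or bool(flags & TC_FLAG)


def max_addrs_over_udp(name):
    """Largest A record set for `name` that still fits in one UDP reply."""
    n = 0
    # Constructed sample data: the same documentation address repeated.
    while not needs_tcp(build_a_response(name, ["192.0.2.1"] * (n + 1))):
        n += 1
    return n


if __name__ == "__main__":
    name = "www.example.com"
    limit = max_addrs_over_udp(name)
    print(f"{name}: {limit} A records fit in {UDP_LIMIT} bytes")
    too_big = build_a_response(name, ["192.0.2.1"] * (limit + 1))
    print(f"{limit + 1} records -> {len(too_big)} bytes, needs TCP: {needs_tcp(too_big)}")
```

Running the same size check against the real record sets in a zone before filtering 53/tcp shows which names, if any, would stop resolving for clients that retry over TCP.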