From: [EMAIL PROTECTED] 
> > The machine in question doesn't run pf, and the DSL router that it is
> > connected to doesn't have the option to change ports... :(
> > 
> > So I'd like to settle this with named alone. :)
> > 
> > Thanks,
> > Constantine.
> 
> 
> Correct me if I'm wrong (and I usually am) but I thought DNS (and named
> specifically) only used tcp connections for zone transfers.
> 
> If you only allow resolution and not zone transfers, named should only
> communicate via UDP... no need for nasty pf work.

http://cr.yp.to/djbdns/tcp.html#why outlines cases where TCP is needed.
Large result sets (over 512 bytes) may qualify the use of TCP, but I'm not
clear on whether that means your named needs to bind to 53/tcp to handle
those correctly.

DS
