On 2010-03-26, at 06:40, Max Larson Henry wrote:

>>> has someone experience in anycast ipv4 networks (to support DNS)?
>> 
>> "Never been done" "Dangerous" "TCP does not work" etc etc etc.
> 
> - Yes but as for DNS, anycast is essentially used for user requests (UDP)
> not to perform zone transfer(TCP).

As others have mentioned, TCP can generally be used for any DNS query, not just 
AXFR.

This becomes more important as DNS responses get bigger, e.g. responses from 
root servers due to the root zone containing DNSSEC information, see 
<http://www.root-dnssec.org/>.

If your nameserver can't be reached over TCP, it's likely that there are people 
who can't talk to your nameserver. This means your DNS records can't be found. 
This is a bad thing.

Here, in glorious LOLCAPS:

  ALWAYS MAKE SURE YOUR DNS SERVER CAN BE REACHED OVER TCP
  TCP IS NOT JUST FOR ZONE TRANSFERS
  FIX YOUR FIREWALLS

:-)


Joe
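As an added illustration of Joe's point (example code, not part of the original thread): a minimal Python client that frames a DNS query the way RFC 1035 requires over TCP (2-byte length prefix), detects the TC bit that forces a resolver off UDP, and can be pointed at your own nameserver to confirm TCP/53 is actually reachable through the firewall. The server address, query name and sample reply bytes are constructed for the example.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """RFC 1035 section 4.2.2: over TCP each message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg):
    """Return the fields a client cares about: id, QR, TC, RCODE, ANCOUNT."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def must_retry_over_tcp(udp_response):
    """A UDP reply with TC=1 was truncated; the resolver must retry over TCP,
    which is exactly what fails when a firewall only passes UDP/53."""
    return parse_header(udp_response)["tc"]

def recv_exact(sock, n):
    """TCP is a byte stream: keep reading until n bytes have arrived."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message arrived")
        buf += chunk
    return buf

def query_tcp(server, name, qtype=1, timeout=5.0):
    """Live check: send one query over TCP/53 and return the parsed header.
    Raises socket.timeout / ConnectionRefusedError when TCP/53 is filtered."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(build_query(name, qtype)))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return parse_header(recv_exact(s, length))

# Constructed sample: a UDP reply with QR=1 and TC=1 (flags 0x8200), no answers.
TRUNCATED_UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8200, 1, 0, 0, 0)

if __name__ == "__main__":
    print("truncated UDP reply, retry over TCP:", must_retry_over_tcp(TRUNCATED_UDP_REPLY))
    # Replace with your own nameserver address to verify TCP/53 end to end:
    # print(query_tcp("192.0.2.53", "example.com"))
```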
