On Fri, Feb 22, 2002 at 10:32:10AM -0800, Tom Marshall wrote:
> DNS uses UDP. TCP is normally only used for zone transfers. There is
> significant philosophical discussion about this issue every time it is
> raised. Apparently some version(s) of AIX always use TCP for DNS requests.
> But it works for about 99.999% of all requests.
It's not a philosophical question, but a technical question about whether
you support the standard. You can make up rationalisations about why
your standard violation won't affect you, but those self-justifications
are irrelevant. Your implementation is either standard-conforming, or not.
Blocking TCP DNS requests isn't, plain and simple. Face it. Say it out loud:

  I advocate implementing DNS in a broken way,
  and I have no good technical reason for it,
  just some hearsay-it's-safer-that-way feeling.

You are free to call that philosophy. I chose to call it stupidity.

best regards
Patrick