>>On Thu, May 16, 2002 at 02:11:33PM -0400, Ramin Alidousti wrote:
>>
>> When does a UDP DNS query result in a TCP response? DNS doesn't work that
>> way. See rfc1035.
>
>I believe it does in the case of *large* responses:
>
>http://www.acmebw.com/askmrdns/archive.php?category=81&question=189
>
I believe Ramin wasn't actually expecting an answer to his question :-)
It should actually be taken as a statement.

One cannot simply send a UDP packet and expect a TCP packet in return,
since TCP requires a packet exchange of three packets before any actual
data goes over it. So what happens in reality is that the client sends
a UDP packet, either gets a response to use TCP or gets no response
at all; in both cases the client is supposed to revert to TCP for
the DNS lookup, and this means going through the SYN, SYN+ACK, ACK
3-way handshake first.

As you can see, a firewall will not have any problems with this type of
packet exchange.

Regards,
Filip
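
Added example, not part of the original message or of any project's code: a small Python client that follows the sequence described above, sending the query over UDP and repeating it over a fresh TCP connection when the reply is marked truncated or never arrives. The function names, the 2-second timeout and the two sample headers are assumptions made for illustration; the TC flag and the two-byte TCP length prefix come from RFC 1035.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word (RFC 1035, 4.1.1)
# Constructed sample reply headers (12 bytes each): flags 0x8300 has TC set, 0x8180 does not.
SAMPLE_TRUNCATED = bytes.fromhex("123483000001000000000000")
SAMPLE_COMPLETE = bytes.fromhex("123481800001000000000000")

def build_query(name, txid=0x1234, qtype=1):
    """Encode a minimal recursive query (QTYPE 1 = A, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(reply):
    """True when the server set TC, i.e. the answer did not fit in the UDP reply."""
    if len(reply) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", reply[2:4])
    return bool(flags & TC_BIT)

def needs_tcp(udp_reply):
    """The two cases from the message: no UDP reply at all, or a reply saying 'use TCP'."""
    return udp_reply is None or is_truncated(udp_reply)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a two-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def lookup(name, server, timeout=2.0):
    """UDP first; on truncation or silence, repeat the query over a new TCP connection."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        try:
            reply, _ = udp.recvfrom(512)
        except socket.timeout:
            reply = None
    if not needs_tcp(reply):
        return reply
    # create_connection() completes the SYN, SYN+ACK, ACK handshake before any DNS data is sent
    with socket.create_connection((server, 53), timeout=timeout) as tcp, \
            tcp.makefile("rb") as stream:
        tcp.sendall(frame_for_tcp(query))
        (length,) = struct.unpack("!H", stream.read(2))
        return stream.read(length)
```

From the firewall's side the two phases are independent flows: one UDP query and reply, then an ordinary client-initiated TCP connection to port 53.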
Title: RE: how smart is the state engine?
