Iain Conochie wrote:
> On Wed, 21 Feb 2001, Colin McKinnon wrote:
>
>
>> masquerading for TCP _and_ UDP?
>
>
> Yup - that was the only way that queries from the name server would be
> answered by the internet. Does bind actually _use_ TCP??
UDP can fail if the reply can't fit into a UDP DNS packet.
In such a case a flag is set in the packet, and the protocol will retry using TCP.
TCP is also used for zone transfers.
> From my
> understanding (albeit limited) DNS requests are UDP packets. Your browser
> (or whatever) waits for, say, 90 seconds and times out if no reply is
> received. TCP would involve too much overhead for a name lookup. Is this
> right??
>
>
>> I think I would do it by adding input firewall rules allowing connections
>> to port 53 from the internal network but disallowing from everywhere else.
>
>
> See above...
>
> Sorry if I am picking brains and loose strings - I just wanna _understand_
> what the fsck is going on here.
>
HTH
Lawrence
--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------
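The UDP-first, TCP-on-truncation behaviour Lawrence describes above, as an added example that is not code from the thread or from BIND: a minimal stub resolver that sends a query over UDP, inspects the TC (truncation) bit in the response header, and repeats the same query over TCP (with the 2-byte length prefix DNS uses on TCP) when the bit is set. The server address 192.0.2.53, the name example.com and the two response messages used in the offline walk-through are constructed here for illustration; the 512-byte limit is the classic RFC 1035 UDP payload size without EDNS0. It is also a reminder, for the firewall rules discussed in the thread, that port 53/tcp is needed for more than zone transfers.

```python
"""Stub resolver with UDP -> TCP fallback on the TC bit (added example)."""
import socket
import struct

QR_FLAG = 0x8000  # bit 15 of the flags word: message is a response
TC_FLAG = 0x0200  # bit 9 of the flags word: response was truncated
UDP_MAX = 512     # classic RFC 1035 UDP payload limit (no EDNS0)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Standard recursive query (RD set) for `name`; QTYPE 1 = A, QCLASS 1 = IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qr": bool(flags & QR_FLAG),
            "tc": bool(flags & TC_FLAG), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def is_truncated(msg: bytes) -> bool:
    return parse_header(msg)["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """On TCP every DNS message is preceded by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(data: bytes) -> bytes:
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]


def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def query_udp(query: bytes, server: str, timeout: float = 3.0) -> bytes:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        resp, _ = s.recvfrom(UDP_MAX)
    return resp


def query_tcp(query: bytes, server: str, timeout: float = 3.0) -> bytes:
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)


def resolve(name: str, server: str, udp=query_udp, tcp=query_tcp):
    """Ask over UDP first; if the server set TC, repeat over TCP.

    Returns (response_bytes, transport_used). `udp`/`tcp` are injectable so the
    logic can be exercised offline with constructed responses.
    """
    q = build_query(name)
    resp = udp(q, server)
    hdr = parse_header(resp)
    if hdr["id"] != parse_header(q)["id"] or not hdr["qr"]:
        raise ValueError("response does not match our query")
    if hdr["tc"]:
        return tcp(q, server), "tcp"
    return resp, "udp"


# Constructed sample messages (not captured traffic): a truncated UDP reply with
# no answers, and the full TCP reply carrying one A record (192.0.2.1, TTL 60).
_QUESTION = build_query("example.com")[12:]
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + _QUESTION
SAMPLE_FULL = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))


def demo(truncate: bool = True):
    """Offline walk-through: returns (transport used, answer count)."""
    fake_udp = lambda q, server: SAMPLE_TRUNCATED if truncate else SAMPLE_FULL
    fake_tcp = lambda q, server: SAMPLE_FULL
    resp, transport = resolve("example.com", "192.0.2.53", udp=fake_udp, tcp=fake_tcp)
    return transport, parse_header(resp)["ancount"]


if __name__ == "__main__":
    print(demo(True))   # truncated UDP reply forces the TCP retry
    print(demo(False))  # complete UDP reply, no retry
```

Run it as-is for the offline walk-through; to query a real server, call resolve("example.com", "<server-ip>") with the default transports, which will need both 53/udp and 53/tcp open to that server.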