In message <4828.1269611568@localhost>, Valdis.Kletnieks@vt.edu writes:
> On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:
> > - Yes but as for DNS, anycast is essentially used for user requests (UDP) not to perform zone transfer (TCP).
>
> DNS uses TCP for more than just XFR. For instance, if you're running a resolver that doesn't do EDNS0, and you hit an (increasingly common) DNSSEC signed reply, it's going to be over 512 bytes and the lack of EDNS0 will cause it to re-ask via TCP.

DNSSEC depends on EDNS and DO being set in the EDNS OPT record, so won't get DNSSEC records, except in response to * queries, for non-EDNS queries.

> Just mentioning it because the sort of sites that think TCP==XFR are the sort most likely to be running firewalls that munch the EDNS0 bits, and are setting themselves up for big surprises in the very near future.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
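
The mechanics discussed in this thread, as an added example that is not part of the original messages: it builds a DNS query with and without the EDNS0 OPT record, reads back the advertised UDP payload size and DO bit, and applies the 512-byte limit that forces a TCP retry. The function names and the sample name `example.com` are assumptions made for illustration; all inputs are constructed.

```python
import struct

def build_query(name, qtype=1, edns_size=None, do=False, qid=0x1234):
    """Build a DNS query; append an EDNS0 OPT record when edns_size is given."""
    arcount = 1 if edns_size is not None else 0
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_size is not None:
        ttl = 0x00008000 if do else 0  # ext-rcode | version | DO flag + Z bits
        # root owner name, TYPE=OPT(41), CLASS=UDP payload size, TTL, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, ttl, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past an encoded name (labels or a pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Report the TC flag and what the message's OPT record (if any) says."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    info = {"edns": False, "udp_size": 512, "do": False,
            "tc": bool(flags & 0x0200)}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:  # OPT: CLASS carries the size, TTL carries the flags
            info.update(edns=True, udp_size=max(rclass, 512),
                        do=bool(ttl & 0x8000))
    return info

def transport_for(query, answer_len):
    """UDP if the answer fits the size the query advertised, else a TCP retry."""
    return "udp" if answer_len <= edns_info(query)["udp_size"] else "tcp-retry"
```

Running `edns_info` on a query captured before and after a firewall shows whether the OPT record survived the path; a query that left with `edns=True` and arrives with `edns=False` is the "munched EDNS0 bits" case described above.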