The question isn't whether to offer TCP/53 up at the recursive server. The issue is that for you to use TCP/53 from your recursive server, it has to be offered up at the authoritative end.
The authoritative server operators have to offer TCP/53 and the firewall administrators between the recursive server and the authoritative servers have to allow the traffic.
-rob
Yes. This is true. But with a caching resolver being used for most interactive clients (web surfers), this doesn't cause any problem, other than the initial caching. OK I guess the question is this: How many milliseconds now on average does it take for my local dns server to obtain an address which is uncached using recursion up to the authoritative end using UDP And I guess the second question is: How many milliseconds on average would it take for my local dns server to obtain an address which is uncached using recursion up to the authoritative end using TCP. Once it is cached on my local caching server, its a non-issue if I am using some sort of persistent connection to my (non-authoritative) dns caching server. CP -- Chris Paul Rex Consulting, Inc 157 Rainbow Drive #5703, Livingston, TX 77399-1057 email: chris.paul@rexconsulting.net web: http://www.rexconsulting.net phone, direct: +1, 831.706.4211 phone, toll-free: +1, 888.403.8996 The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. Rex Consulting, Inc. is a California Corporation. P Please don't print this e-mail, unless you really need to.