26 Mar 2010, 9:52 a.m.
On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:
> Yes, but as for DNS, anycast is essentially used for user requests (UDP), not to perform zone transfers (TCP).
DNS uses TCP for more than just XFR. For instance, if you're running a resolver that doesn't do EDNS0 and you hit an (increasingly common) DNSSEC-signed reply, it's going to be over 512 bytes, and the lack of EDNS0 will cause it to re-ask via TCP. Just mentioning it because the sort of sites that think TCP==XFR are the sort most likely to be running firewalls that munch the EDNS0 bits, and are setting themselves up for big surprises in the very near future.
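The fallback described above, as an added, offline simulation (not code from the post or from any resolver): a client that optionally attaches an EDNS0 OPT record, a server that truncates any UDP answer larger than the advertised payload size and sets TC, and a modelled "firewall" that can strip the OPT record and/or block TCP/53. The message layout follows RFC 1035/6891; the answer sizes, names and the simplification that the additional section holds only the OPT record are constructed for the example.

```python
"""Why a resolver without EDNS0 (or behind an EDNS0-stripping firewall) ends up on TCP.

Constructed, offline model (example code, not from the original post). Wire format
is real DNS, but the 'server' just emits placeholder RR bytes of a chosen size.
"""
import struct

DNS_UDP_MAX = 512       # RFC 1035 UDP payload limit when no OPT RR is present
EDNS0_BUFSIZE = 4096    # payload size our EDNS0-capable client advertises (assumed)
TYPE_OPT = 41
TC_BIT = 0x0200


def _skip_name(msg: bytes, off: int) -> int:
    """Return offset just past an uncompressed domain name starting at off."""
    while msg[off] != 0:
        off += msg[off] + 1
    return off + 1


def build_query(name: str, qtype: int = 1, edns0: bool = False, qid: int = 0x1234) -> bytes:
    """Minimal DNS query (RD=1); with edns0=True, append an OPT pseudo-RR in the additional section."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns0 else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns0:
        # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS0_BUFSIZE, 0, 0)
    return header + question + opt


def advertised_udp_size(query: bytes) -> int:
    """UDP payload size the query advertises; 512 if there is no OPT RR.
    Simplification: assumes the additional section is exactly the OPT RR from build_query."""
    arcount = struct.unpack("!H", query[10:12])[0]
    if arcount == 0:
        return DNS_UDP_MAX
    off = _skip_name(query, 12) + 4          # past QNAME, QTYPE, QCLASS
    off = _skip_name(query, off)             # OPT owner name (root)
    rtype, udp_size = struct.unpack("!HH", query[off:off + 4])
    return udp_size if rtype == TYPE_OPT else DNS_UDP_MAX


def strip_edns0(query: bytes) -> bytes:
    """Model a middlebox that 'munches the EDNS0 bits': drop the OPT RR and zero ARCOUNT."""
    if struct.unpack("!H", query[10:12])[0] == 0:
        return query
    end_of_question = _skip_name(query, 12) + 4
    return query[:10] + struct.pack("!H", 0) + query[12:end_of_question]


def serve(query: bytes, answer_size: int, over_tcp: bool) -> bytes:
    """Server side. Over UDP the response is cut to the client's advertised size and TC=1 is set;
    over TCP the full message is returned with the 2-byte length prefix."""
    qid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180                                   # QR=1, RD=1, RA=1
    body = b"\xaa" * (answer_size - 12)              # placeholder RR bytes (constructed)
    if not over_tcp:
        limit = advertised_udp_size(query)
        if answer_size > limit:
            flags |= TC_BIT
            body = body[:limit - 12]
    msg = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0) + body
    return struct.pack("!H", len(msg)) + msg if over_tcp else msg


def is_truncated(response: bytes) -> bool:
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)


def resolve(name: str, answer_size: int, edns0: bool,
            firewall_strips_edns0: bool = False, firewall_blocks_tcp: bool = False) -> tuple:
    """Resolver behaviour: UDP first; on TC=1 retry the same query over TCP.
    Returns (transport used, outcome)."""
    q = build_query(name, edns0=edns0)
    if firewall_strips_edns0:
        q = strip_edns0(q)                           # server now sees a plain 512-byte client
    resp = serve(q, answer_size, over_tcp=False)
    if not is_truncated(resp):
        return ("udp", "ok")
    if firewall_blocks_tcp:
        return ("tcp", "failed: TC=1 but TCP/53 is blocked, truncated answer unusable")
    resp = serve(q, answer_size, over_tcp=True)
    full_len = struct.unpack("!H", resp[:2])[0]
    return ("tcp", "ok" if full_len == answer_size else "bad length")


if __name__ == "__main__":
    # 300 bytes: a typical unsigned answer. 1200 bytes: a DNSSEC-signed answer with RRSIGs (sizes constructed).
    print(resolve("example.com", 300, edns0=False))
    print(resolve("example.com", 1200, edns0=False))                       # no EDNS0 -> TC -> TCP
    print(resolve("example.com", 1200, edns0=True))                        # EDNS0 -> fits in UDP
    print(resolve("example.com", 1200, edns0=True,
                  firewall_strips_edns0=True, firewall_blocks_tcp=True))   # the "big surprise"
```

The last scenario is the one the post warns about: the resolver does everything right, but a firewall that strips the OPT record turns it back into a 512-byte client, and if the same firewall also drops TCP/53 on the theory that "TCP is only for zone transfers", every signed answer over 512 bytes fails outright.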