Re: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)

>>>>> "MW" == Michael Wood <wood@kingsley.co.za> writes:
    MW> AFAIK, TCP is used for zone transfers and also other large
    MW> queries.  Not sure what "large" is defined as, though.

I think the RFC says the limit is 512 bytes for the UDP payload. 

    MW> i.e. by blocking TCP port 53, most things will work, but
    MW> there's a chance that some large queries will not work.

AFAIK, you will get an answer and it might be what you want, but it
will be truncated.  An interesting question is what happens when a
resolver sitting behind a broken firewall tries a TCP query upon
receiving a truncated UDP answer.  One unpleasant consequence
might be the app blocking on the resolver call for a long time.
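The decision the thread describes, as an added example that is not part of this message: parse the DNS header of a UDP reply, detect the TC (truncated) flag, and model the resolver's fallback to TCP. Whether TCP/53 gets through the firewall is assumed to be a boolean stand-in rather than a live connect.

```python
import struct

# RFC 1035 caps a DNS-over-UDP message at 512 bytes; a larger answer comes
# back cut down with the TC flag set and the resolver is expected to retry
# the same query over TCP.
UDP_MAX_PAYLOAD = 512
FLAG_QR = 0x8000      # response bit
FLAG_TC = 0x0200      # truncated bit
RCODE_MASK = 0x000F

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields a stub resolver checks."""
    if len(msg) < 12:
        raise ValueError("short DNS message: %d bytes" % len(msg))
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & RCODE_MASK, "qdcount": qd, "ancount": an}

def resolver_next_step(udp_reply, tcp53_reachable):
    """Model what a stub resolver does after one UDP reply arrives.
    tcp53_reachable is an assumed boolean standing in for 'does the firewall
    let TCP/53 through'; a real resolver would find out by trying to connect."""
    hdr = parse_header(udp_reply)
    if not hdr["qr"]:
        return "ignore: not a response"
    if not hdr["tc"]:
        return "use UDP answer"
    # Truncated answer: the resolver retries over TCP. If TCP/53 is dropped
    # (not rejected) the connect sits there until timeout and the calling
    # application blocks in the resolver call for that whole time.
    if tcp53_reachable:
        return "retry over TCP"
    return "retry over TCP: blocked, app stalls until timeout"

def make_reply(txid, truncated, ancount):
    """Constructed sample reply: header plus a question for example.com/A."""
    flags = FLAG_QR | (FLAG_TC if truncated else 0)
    hdr = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in (b"example", b"com")) + b"\x00"
    return hdr + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

if __name__ == "__main__":
    sample = make_reply(0x1234, truncated=True, ancount=0)
    assert len(sample) <= UDP_MAX_PAYLOAD
    print(parse_header(sample))
    print(resolver_next_step(sample, tcp53_reachable=False))
```

The practical check behind this is whether the firewall accepts TCP/53 as well as UDP/53; a rule set that only opens UDP produces exactly the truncated-then-stall behaviour described above.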
