Re: Diagnostic help part 2

2014-10-01 Thread Anders Löwinger
On 2014-10-02 01:03, Mark Andrews wrote: > TCP has always been required for DNS except in very special > circumstances. Go read RFC 1123. Go look at the definition of > SHOULD. Unless you really knew what you were doing TCP as always > been expected to be ON. Some people refuse to enable stuff

Re: Diagnostic help part 2

2014-10-01 Thread Bill Christensen
Thanks! That cleared up a number of problems. Now to tackle some of the others... On 10/1/14, 2:51 PM, John Anderson wrote: If you would be so kind as to run the nmap test again from your location and let >me know if you're seeing the correct - or at least *more* correct answers, I'd >apprec

Re: Diagnostic help part 2

2014-10-01 Thread Mark Andrews
In message <5D9044356DCF9341A7D1CDAE12FC601C2976D2A5@exch10-mb2.ccbill-hq.local >, John Anderson writes: > >If you would be so kind as to run the nmap test again from your location and > let >me know if you're seeing the correct - or at least *more* correct answe > rs, I'd >appreciate it. > > Bi

RE: Diagnostic help part 2

2014-10-01 Thread John Anderson
>If you would be so kind as to run the nmap test again from your location and >let >me know if you're seeing the correct - or at least *more* correct >answers, I'd >appreciate it. Bill, It looks good now. Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-01 12:47 MST Nmap scan report for www3.

Re: Diagnostic help part 2

2014-10-01 Thread Tony Finch
Mike Hoskins (michoski) wrote: > > This isn't even specific to DNS...for example, there was a time when just > "turning on what sounds good" for cisco, netscreen and even checkpoint > would break other things like ESMTP. You mean Cisco have fixed the grossly damaging bugs in the PIX/ASA applicati

Re: Diagnostic help part 2

2014-10-01 Thread Mike Hoskins (michoski)
-Original Message- From: Doug Barton Date: Wednesday, October 1, 2014 at 2:07 PM To: "bind-users@lists.isc.org" Subject: Re: Diagnostic help part 2 >On 10/1/14 8:17 AM, Barry Margolin wrote: >> In article , >> Eli Heady wrote: >> >>> With response sizes growing (dnssec, ipv6), answers

Re: Diagnostic help part 2

2014-10-01 Thread Doug Barton
On 10/1/14 8:17 AM, Barry Margolin wrote: In article , Eli Heady wrote: With response sizes growing (dnssec, ipv6), answers are more likely to be too large for UDP. That's unlikely. That's why EDNS was created, so that these large answers wouldn't require TCP. ... and more than a decade

Re: Diagnostic help part 2

2014-10-01 Thread Barry Margolin
In article , Eli Heady wrote: > With response sizes growing (dnssec, ipv6), answers are more likely to be > too large for UDP. That's unlikely. That's why EDNS was created, so that these large answers wouldn't require TCP. -- Barry Margolin Arlington, MA _