Paul Heinlein wrote:
> On Thu, 23 Aug 2007, Feizhou wrote:
>
>>> You only need the tcp rule if you plan on serving up zone transfers, not if you plan on only requesting them.
>>
>> Well, very rare but answers that are over 512 bytes will have to be sent over tcp since the rfc 1035 mandates maximum 512 bytes for the udp payload. So tcp is not just for zone transfers only.
>
> Note that by default Win 2003 uses a packet size of 1280 per Paul Vixie's suggestion in RFC 2671 section 4.5.1. I don't know if any other OS implementations do the same.
>
> In any event, I've found it helpful to allow up to 1280 bytes of DNS UDP traffic. Setting the limit at 512 triggers a noticeable number of retries, at least in our environment.
>
Sigh. I can see some caching servers with big scissors to apply to udp packets...if they at all issue queries that get such large replies...