From owner-freebsd-current Sun Jun 30 12:45:16 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA10339 for current-outgoing; Sun, 30 Jun 1996 12:45:16 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA10326 for ; Sun, 30 Jun 1996 12:45:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with SMTP id NAA00922; Sun, 30 Jun 1996 13:44:45 -0600 (MDT)
Message-Id: <199606301944.NAA00922@rover.village.org>
To: Ollivier Robert
Subject: Re: Firewalling DNS TCP (was Re: IPFW bugs?)
Cc: nash@mcs.com, current@FreeBSD.ORG, nate@mt.sri.com
In-reply-to: Your message of Sun, 30 Jun 1996 00:51:43 +0200
Date: Sun, 30 Jun 1996 13:44:44 -0600
From: Warner Losh
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

: In practice, if you're sure no query can be of more than 512 bytes, then
: you can cut TCP/53. But IMO you don't gain that much.

There was a discussion in I think namedroppers (or was that
comp.protocols.tcp-ip.domain) that concluded this is a *BAD* idea. If you
have any large records, they will be truncated by this and could lead to
bogus mail delivery (if the remote end doesn't properly detect the
truncated bit). It really buys you nothing unless you and all of your
secondaries do the same thing. You do have secondaries on multiple nets,
right?

Warner
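Added illustration, not part of the thread above, of the failure Warner describes: a constructed MX answer for a made-up zone is served over UDP, the server cuts it at 512 bytes and sets the TC bit, and a client that cannot retry over TCP/53 is left with a partial MX set (record layout follows RFC 1035; the zone, host names and record count are invented).

```python
import struct
UDP_LIMIT = 512  # classic DNS-over-UDP payload limit (RFC 1035)
def encode_name(name):
    """Encode a dotted host name as uncompressed DNS labels."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
def read_name(msg, off):
    """Decode an uncompressed name at off; return (name, offset after it)."""
    labels = []
    while msg[off]:  # IndexError here means the name itself was cut off
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    return ".".join(labels), off + 1
def build_mx_response(zone, n_mx):
    """Constructed full answer: header, one MX question, n_mx MX records."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, n_mx, 0, 0)  # QR, RD, RA set
    msg = hdr + encode_name(zone) + struct.pack("!HH", 15, 1)  # QTYPE=MX, QCLASS=IN
    for i in range(n_mx):
        rdata = struct.pack("!H", 10 * (i + 1)) + encode_name(f"mx{i}.{zone}")
        msg += encode_name(zone) + struct.pack("!HHIH", 15, 1, 3600, len(rdata)) + rdata
    return msg
def udp_reply(full):
    """Server side: a message that does not fit in UDP is cut and sent with TC=1."""
    if len(full) <= UDP_LIMIT:
        return full
    hdr = bytearray(full[:12])
    hdr[2] |= 0x02  # TC bit is in the high byte of the 16-bit flags field
    return bytes(hdr) + full[12:UDP_LIMIT]
def parse_mx(msg):
    """Resolver side: return (tc_flag, MX hosts from records that arrived whole)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, hosts = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    try:
        for _ in range(an):
            off = read_name(msg, off)[1]
            _, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            hosts.append(read_name(msg, off + 2)[0])  # skip 2-byte preference
            off += rdlen
    except (IndexError, struct.error):
        pass  # a record was cut mid-way: stop at the last complete one
    return bool(flags & 0x0200), hosts
def resolve(full, tcp_allowed):
    """What the client ends up with; tcp_allowed=False models a filtered TCP/53."""
    tc, hosts = parse_mx(udp_reply(full))
    if tc and tcp_allowed:
        return "complete", parse_mx(full)[1]  # TCP retry carries the whole message
    return ("truncated" if tc else "complete"), hosts
```

A mailer that ignores the "truncated" status and uses the partial list is the bogus-delivery case; with TCP/53 open the retry returns all records.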