SecurityGroups: DNS should be TCP+UDP

Open Finkregh opened this issue 4 years ago • 3 comments

The SG wizard for DNS should create rules for UDP+TCP; currently it only creates one for TCP:

image

Finkregh avatar Dec 04 '20 10:12 Finkregh

I originally requested this change - but IMHO we need NO TCP rule at all - and only an egress-UDP-port53 rule for DNS queries!

danielFoe avatar Dec 04 '20 11:12 danielFoe

It will also use TCP when the answer size exceeds the packet size, see https://tools.ietf.org/html/rfc7766

Finkregh avatar Dec 09 '20 20:12 Finkregh

Bump: stumbled over this as well. I think Linux can do a TCP fallback, but Windows cannot, and ideally it would be both.

B1Sandmann avatar Sep 20 '21 13:09 B1Sandmann
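
The check this issue asks for, as an added example that is not part of the thread or of elektra's code: an audit that reports which DNS transport (UDP or TCP on port 53) a rule set fails to permit. The rule dicts are constructed sample data; their field names are modelled on OpenStack Neutron security group rules, and the egress default is an assumption.

```python
# Added example: rule dicts below are constructed sample data, modelled on
# OpenStack Neutron security-group-rule fields (an assumption about the backend).
DNS_PORT = 53
DNS_PROTOCOLS = ("udp", "tcp")  # RFC 7766: DNS implementations must support both


def rule_covers(rule, direction, protocol, port):
    """Return True if one rule permits `protocol`/`port` in `direction`."""
    if rule["direction"] != direction:
        return False
    # protocol None means "any protocol" in this rule model
    if rule.get("protocol") not in (None, protocol):
        return False
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:  # no port range means all ports
        return True
    lo = lo if lo is not None else hi
    hi = hi if hi is not None else lo
    return lo <= port <= hi


def missing_dns_protocols(rules, direction="egress"):
    """List the DNS transports that no rule in `rules` permits."""
    return [
        proto for proto in DNS_PROTOCOLS
        if not any(rule_covers(r, direction, proto, DNS_PORT) for r in rules)
    ]


# Constructed rule sets: the TCP-only result reported in the issue,
# a UDP-only variant, and the combined set.
TCP_ONLY = [{"direction": "egress", "protocol": "tcp",
             "port_range_min": 53, "port_range_max": 53}]
UDP_ONLY = [{"direction": "egress", "protocol": "udp",
             "port_range_min": 53, "port_range_max": 53}]
BOTH = TCP_ONLY + UDP_ONLY

if __name__ == "__main__":
    for name, rules in (("tcp-only", TCP_ONLY), ("udp-only", UDP_ONLY), ("both", BOTH)):
        print(name, "missing:", missing_dns_protocols(rules) or "none")
```
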