Edlug Archive Jan 2003

Re: [edlug] loading kernel modules



* Stephen C Tweedie wrote:

> UDP definitely does _detect_ packet corruption, but it simply drops the
> packet if it arrives with an invalid checksum.  There are no retry
> abilities, so corruption simply counts as packet loss.  UDP also doesn't
> guarantee that packets will arrive at the destination in the same order
> they were sent in; and it doesn't have a concept of a "connection", so
> there are no connect/disconnect/reset packets.

Related to this (well, not really), if you are using DNS I think you
need to set things up to allow DNS replies back in, which are UDP (can
they be TCP? They probably can, actually). For the reasons Stephen says
above, I'm not sure that you can do the same trick with UDP that you
can with TCP and only allow established connections, because there is
no connection state...

We do this by forcing our nameserver to source queries from port 53,
and then only allowing UDP back to port 53, but I always feel a bit
queasy about this.  Does anyone know a better way? (using TCP would be
the obvious one, but I'm not sure if I know how to get BIND to do
that...)

--tim
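The two approaches weighed in the post above, as an added example that is not part of the original thread or of BIND: a small Python model of the static "allow UDP back to port 53" rule beside a pseudo-connection tracker of the kind a stateful packet filter keeps for UDP (an outbound datagram creates a 5-tuple entry with a timeout; an inbound datagram is admitted only if it mirrors a live entry). The addresses are taken from the RFC 5737 documentation ranges and the packets are hand-made, not captured traffic; the timeout value and helper names are my own assumptions.

```python
"""Model of two ways to let DNS replies back through a packet filter.

Constructed example: the addresses and packets below are hand-made,
not captured traffic.  The policy functions model filter rules; they do
not touch the network.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

RESOLVER_IP = "192.0.2.10"     # assumed address of our own nameserver
UPSTREAM_IP = "198.51.100.1"   # assumed address of an upstream nameserver
ATTACKER_IP = "203.0.113.7"    # assumed address of a host we never queried


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


def port53_policy(pkt: Packet) -> bool:
    """The static rule from the post: allow any inbound UDP to our resolver's port 53.

    It has no memory of what we sent, so it cannot tell a reply from an
    unsolicited datagram that happens to be addressed to port 53.
    """
    return pkt.proto == "udp" and pkt.dst_ip == RESOLVER_IP and pkt.dst_port == 53


class UdpStateTracker:
    """Pseudo-connection tracking for UDP, as a stateful filter does it.

    No handshake is needed: the "state" is simply our own outbound packet.
    A reply is accepted only if it is the exact mirror of a live entry
    (same protocol, addresses and ports swapped) and arrives before the
    entry expires.  The filter does not look at DNS transaction IDs; that
    check stays with the resolver.
    """

    def __init__(self, timeout: float = 30.0):   # assumed timeout, in seconds
        self.timeout = timeout
        self._entries: Dict[Tuple[str, str, int, str, int], float] = {}

    def outbound(self, pkt: Packet, now: float) -> None:
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self._entries[key] = now + self.timeout

    def inbound(self, pkt: Packet, now: float) -> bool:
        # A reply swaps source and destination, so mirror the tuple to look it up.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        expiry = self._entries.get(key)
        if expiry is None or now > expiry:
            self._entries.pop(key, None)   # drop stale entry, if any
            return False
        # DNS needs one reply per query; a general-purpose filter would refresh
        # the timer here instead of removing the entry.
        del self._entries[key]
        return True


def run_scenario() -> Dict[str, bool]:
    """Push four constructed datagrams through both policies and report the verdicts."""
    tracker = UdpStateTracker(timeout=30.0)
    results: Dict[str, bool] = {}

    # 1. Our resolver queries upstream from a pinned source port 53; the reply comes back.
    query = Packet(RESOLVER_IP, 53, UPSTREAM_IP, 53)
    tracker.outbound(query, now=0.0)
    reply = Packet(UPSTREAM_IP, 53, RESOLVER_IP, 53)
    results["legit_reply_static"] = port53_policy(reply)
    results["legit_reply_tracked"] = tracker.inbound(reply, now=0.1)

    # 2. An unsolicited datagram to port 53 from a host we never spoke to.
    bogus = Packet(ATTACKER_IP, 53, RESOLVER_IP, 53)
    results["unsolicited_static"] = port53_policy(bogus)        # the hole in the static rule
    results["unsolicited_tracked"] = tracker.inbound(bogus, now=1.0)

    # 3. The same query sent from an ephemeral source port instead of a pinned one.
    query2 = Packet(RESOLVER_IP, 40123, UPSTREAM_IP, 53)
    tracker.outbound(query2, now=5.0)
    reply2 = Packet(UPSTREAM_IP, 53, RESOLVER_IP, 40123)
    results["ephemeral_reply_static"] = port53_policy(reply2)   # static rule drops a real reply
    results["ephemeral_reply_tracked"] = tracker.inbound(reply2, now=5.2)

    # 4. A reply that arrives long after the tracker entry has expired.
    query3 = Packet(RESOLVER_IP, 40124, UPSTREAM_IP, 53)
    tracker.outbound(query3, now=10.0)
    late = Packet(UPSTREAM_IP, 53, RESOLVER_IP, 40124)
    results["late_reply_tracked"] = tracker.inbound(late, now=100.0)

    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:26s} {'ACCEPT' if verdict else 'DROP'}")
```

The run shows the trade-off behind the "queasy" feeling: the static rule admits any UDP datagram addressed to port 53, solicited or not, and silently breaks as soon as the resolver uses an ephemeral source port, while the tracker admits only mirrored replies and ages them out. Netfilter's conntrack does this for UDP, so an iptables `-m state --state ESTABLISHED,RELATED` rule covers DNS replies without pinning the port; in BIND the port pinning described in the post is `options { query-source address * port 53; };`. One caveat worth knowing: pinning the source port gives up source-port randomisation, which is a defence against cache-poisoning attacks on the resolver, so the tracker approach is preferable on that count too.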

-----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME