[Pkg-clamav-devel] Bug#531998: clamav-unofficial-sigs: host -T doesn't work with all DNS servers

Paul Wise pabs at debian.org
Sun Jun 7 06:28:49 UTC 2009


On Sat, 2009-06-06 at 23:22 -0700, Bill Landry wrote:

> It's only used twice in the script, and it was added because other users
> had reported that their DNS queries were being truncated due to DNS UDP
> packet size limitations, which "host -T" (TCP mode) overcomes.
> 
> And the problem is not that DNS servers don't support TCP (all do), it's
> that some admins block TCP over port 53 on their firewalls, for some
> reason, which will cause problems when DNS servers automatically
> fall back to TCP mode when the query response would be larger than a
> single UDP packet can support.
> 
> Debian does not support "host -T", doesn't it?  If you do:

Yes, Debian host supports -T.

> I've only heard one other complaint about this in the past, and I
> advised the person to open TCP on port 53 on their firewalls and that
> resolved the problem for them.  Ask the person reporting the problem to
> check both their internal firewall (iptables, shorewall, etc.) and any
> external firewall (router ACL, PIX, WatchGuard, etc.) to make sure that
> TCP over port 53 is permitted and report back if that resolves the issue
> for them, as well.

Will do.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
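
The firewall check requested in the quoted message can be scripted by comparing a plain lookup with a `host -T` lookup of the same name. This is an added example, not part of the original thread or of clamav-unofficial-sigs; the function names, the `HOST_CMD` override and the result labels are assumptions of the example.

```shell
#!/bin/sh
# Added example: distinguish "TCP/53 is filtered" from "DNS is down".
# HOST_CMD is an assumption of this example; it lets the lookup command be
# swapped out and defaults to the real host(1).

# dns_lookup MODE NAME [SERVER] -> exit status of the lookup
dns_lookup() {
    mode=$1 name=$2 server=${3:-}
    case $mode in
        tcp) set -- -T ;;   # force TCP, as the script's "host -T" does
        udp) set -- ;;      # host's default transport
        *)   return 2 ;;
    esac
    # -W 5: stop waiting after 5 seconds so a silently dropped packet
    # on a filtered port does not hang the check.
    ${HOST_CMD:-host} "$@" -W 5 "$name" $server >/dev/null 2>&1
}

# check_dns_transport NAME [SERVER] -> prints one of:
#   ok              both transports answer
#   tcp-blocked     plain lookup works, -T fails: look at firewall rules
#                   for TCP port 53 (host firewall and upstream ACLs)
#   udp-failed      only the TCP lookup works
#   dns-unreachable neither works: not specifically a TCP/53 problem
# Use a NAME whose answer is small, so the plain lookup is not itself
# affected by the UDP size limit.
check_dns_transport() {
    name=$1 server=${2:-}
    udp=fail tcp=fail
    dns_lookup udp "$name" "$server" && udp=ok
    dns_lookup tcp "$name" "$server" && tcp=ok
    case $udp/$tcp in
        ok/ok)     echo ok ;;
        ok/fail)   echo tcp-blocked ;;
        fail/ok)   echo udp-failed ;;
        fail/fail) echo dns-unreachable ;;
    esac
}
```

Run `check_dns_transport NAME` against the default resolver, then again with the resolver's address as the second argument, to see whether the filter sits on the local host or further upstream.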