need testers for a ipfw rule generation script!

Łukasz Bromirski lbromirski at mr0vka.eu.org
Sun Dec 28 16:03:01 PST 2003


Boris Staeblow wrote:

> > DNS can also be TCP.
> > (noted by a colleague who seemed to have a closer look at it).
> Under which circumstances is a DNS TCP connection needed?
> (I've never used a DNS TCP rule before - without any problem)

When the reply can't be inserted into a single UDP datagram - about
64K for systems going per RFC, and about 8K for old, very
strange implementations. 64K is quite a large space for most
queries, but I've, for example, seen bind 9 making a TCP
connection when asked for a zone xfer that would exceed 512 bytes.

It's safe to let tcp/udp 53 get in.

-- 
Łukasz Bromirski                             lbromirski:mr0vka.eu.org
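As an added illustration (not part of the original thread), the two mechanics behind the answer above, written in Python with only the standard library: a resolver checks the TC (truncated) bit in a UDP reply and, when it is set, repeats the query over tcp/53, and DNS over TCP wraps each message in a 2-byte length prefix. The header bytes below are constructed for the example; layout follows RFC 1035.

```python
import struct

# RFC 1035 4.1.1: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (all 16-bit, network order)
DNS_HEADER = struct.Struct("!HHHHHH")
FLAG_QR = 0x8000          # bit 15: message is a response
FLAG_TC = 0x0200          # bit 9: response was truncated to fit the transport
CLASSIC_UDP_MAX = 512     # RFC 1035 4.2.1 UDP payload limit without EDNS


def build_response_header(txid: int, truncated: bool, ancount: int = 0) -> bytes:
    """Construct a DNS response header (constructed test data, not a real capture)."""
    flags = FLAG_QR | (FLAG_TC if truncated else 0)
    return DNS_HEADER.pack(txid, flags, 1, ancount, 0, 0)


def needs_tcp_retry(udp_reply: bytes) -> bool:
    """True when a UDP reply carries QR and TC, i.e. the server could not fit the
    whole answer in the datagram and the client must redo the query over tcp/53.
    This is the case a firewall rule that only passes udp/53 silently breaks."""
    if len(udp_reply) < DNS_HEADER.size:
        raise ValueError("short DNS message")
    _txid, flags, *_counts = DNS_HEADER.unpack_from(udp_reply)
    return bool(flags & FLAG_QR) and bool(flags & FLAG_TC)


def fits_in_udp(message: bytes, limit: int = CLASSIC_UDP_MAX) -> bool:
    """Whether a full message (header + sections) fits the classic UDP limit; a
    zone transfer (AXFR) practically never does, which is why it runs over TCP."""
    return len(message) <= limit


def frame_for_tcp(message: bytes) -> bytes:
    """RFC 1035 4.2.2: on TCP every DNS message is prefixed with its 2-byte length."""
    return struct.pack("!H", len(message)) + message


def read_tcp_frame(stream: bytes):
    """Split the first complete length-prefixed message off a TCP byte stream.
    Returns (message, remaining) or (None, stream) if the frame is incomplete."""
    if len(stream) < 2:
        return None, stream
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        return None, stream
    return stream[2:2 + length], stream[2 + length:]


if __name__ == "__main__":
    reply = build_response_header(0x1234, truncated=True)
    print("retry over TCP:", needs_tcp_retry(reply))
```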


