Re: TCP vs UDP for dns RE: Really odd problem
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: TCP vs UDP for dns RE: Really odd problem
- From: Jason Dixon <jason_(_at_)_dixongroup_(_dot_)_net>
- Date: Wed, 29 Sep 2004 11:54:19 -0400
On Sep 29, 2004, at 11:39 AM, Philip Guenther wrote:
> Jason Dixon <jason_(_at_)_dixongroup_(_dot_)_net> writes:
>> Not to say you're full of it, but... well maybe. I explicitly block
>> all tcp/udp outbound from my LAN, allowing only "good" ports (udp/53
>> being one of them, tcp/53 not). I have no problems running nslookup
>> queries on Windows or Linux.
>
> By default, if a DNS resolver receives a truncated answer to a query
> sent via UDP, it will retry the query using TCP. If you never make
> queries that get truncated answers and never use AXFR or IXFR, then
> you won't see any errors from blocking tcp/53. 'Course, it's a bit
> difficult to guarantee that you'll never get a truncated answer...
Yes, that assumes no axfr. Sorry, I completely forgot about truncated.
That's what I get for having a reliable DNS pool and not having to
query it for large zones. ;-)
Jason Dixon, RHCE
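The truncation fallback Philip describes is driven by one header bit. The following is an added example, not code from the thread or from any OpenBSD component: it encodes a minimal DNS query, builds a constructed server reply with the TC (truncation) bit set, decodes the header, and shows the decision a stub resolver makes depending on whether the firewall permits tcp/53 outbound. The function names (`build_query`, `needs_tcp_retry`, `make_truncated_reply`) and the sample name `example.com` are assumptions made for the example; the header layout, the TC bit position and the 2-byte length prefix used for DNS over TCP come from RFC 1035.

```python
import struct

# Constructed example (not from the mailing-list post): a minimal DNS
# wire-format encoder/decoder, enough to show why a policy that passes
# udp/53 but blocks tcp/53 fails exactly when an answer is truncated.

TC_FLAG = 0x0200  # Truncation bit in the 16-bit flags word (RFC 1035 section 4.1.1)


def build_query(qname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a standard recursive query for qname (QTYPE 1 = A, QCLASS 1 = IN)."""
    flags = 0x0100  # RD set, all other flag bits clear
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(
        struct.pack("!B", len(label)) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into named fields."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # response bit
        "tc": bool(flags & TC_FLAG),  # truncated: answer did not fit in the UDP reply
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def is_truncated(msg: bytes) -> bool:
    """True when the server set TC, i.e. the UDP answer is incomplete."""
    return parse_header(msg)["tc"]


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def needs_tcp_retry(udp_answer: bytes, tcp53_allowed: bool) -> str:
    """What a stub resolver ends up doing with a UDP answer under a given egress policy."""
    if not is_truncated(udp_answer):
        return "accept-udp-answer"
    # Resolver retries the same question over TCP; that retry only succeeds
    # if tcp/53 egress is permitted by the firewall.
    return "retry-over-tcp" if tcp53_allowed else "fail-tcp53-blocked"


def make_truncated_reply(query: bytes) -> bytes:
    """Constructed server reply: echoes the question, sets QR/RD/RA/TC, carries no records."""
    h = parse_header(query)
    flags = 0x8000 | 0x0100 | 0x0080 | TC_FLAG  # QR, RD, RA, TC
    return struct.pack("!HHHHHH", h["id"], flags, h["qdcount"], 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.com")
    reply = make_truncated_reply(q)
    print(parse_header(reply))
    print("tcp/53 blocked :", needs_tcp_retry(reply, tcp53_allowed=False))
    print("tcp/53 allowed :", needs_tcp_retry(reply, tcp53_allowed=True))
    print("TCP framing    :", frame_for_tcp(q)[:2].hex(), "=", len(q), "bytes")
```

Run stand-alone it prints the decoded header with `tc: True`, then `fail-tcp53-blocked` versus `retry-over-tcp` for the two policies. The defensive takeaway matches the thread: an egress rule set that passes udp/53 needs a matching pass for tcp/53 to the same resolvers, otherwise every truncated answer (and any AXFR/IXFR) turns into a resolver error rather than a retry.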