
Re: TCP vs UDP for dns RE: Really odd problem

On Sep 29, 2004, at 11:39 AM, Philip Guenther wrote:

> Jason Dixon <jason_(_at_)_dixongroup_(_dot_)_net> writes:
>> Not to say you're full of it, but... well maybe.  I explicitly block
>> all tcp/udp outbound from my LAN, allowing only "good" ports (udp/53
>> being one of them, tcp/53 not).  I have no problems running nslookup
>> queries on Windows or Linux.
>
> By default, if a DNS resolver receives a truncated answer to a query sent
> via UDP, it will retry the query using TCP.  If you never make queries
> that get truncated answers and never use AXFR or IXFR, then you won't
> see any errors from blocking tcp/53.  'Course, it's a bit difficult to
> guarantee that you'll never get a truncated answer...

Yes, that assumes no axfr. Sorry, I completely forgot about truncated. That's what I get for having a reliable DNS pool and not having to query it for large zones. ;-)

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
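As an added illustration (not part of the thread), the truncation fallback Philip describes in Python: the resolver checks the TC bit in the UDP reply's header and only then reissues the same query over TCP with the 2-byte length prefix TCP DNS requires. The transport callbacks are stubs constructed here so it runs offline; the name example.com and the "blocked" callback raising OSError are assumptions standing in for real sockets and a firewall dropping tcp/53.

```python
import struct

# DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 section 4.1.1)
HEADER = struct.Struct("!HHHHHH")
TC_BIT = 0x0200  # TrunCation flag inside the FLAGS word
QR_BIT = 0x8000  # response flag

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Recursive A/IN query for qname in wire format (what goes in the UDP payload)."""
    header = HEADER.pack(txid, 0x0100, 1, 0, 0, 0)  # flags = RD only
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + question + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_truncated(message: bytes) -> bool:
    """True when TC is set: the UDP answer was cut off and must be retried over TCP."""
    if len(message) < HEADER.size:
        raise ValueError("short DNS message")
    _, flags, *_ = HEADER.unpack_from(message)
    return bool(flags & TC_BIT)

def tcp_frame(message: bytes) -> bytes:
    """Prefix a message with its big-endian length, as DNS over TCP requires (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def resolve(query: bytes, send_udp, send_tcp):
    """Resolver loop: UDP first, TCP only if the reply is truncated. Returns (reply, transport)."""
    reply = send_udp(query)
    if not is_truncated(reply):
        return reply, "udp"
    try:
        framed = send_tcp(tcp_frame(query))
    except OSError as e:
        # This is the failure a udp/53-only firewall rule produces on large answers
        raise RuntimeError("truncated UDP answer but tcp/53 is blocked: %s" % e)
    (length,) = struct.unpack("!H", framed[:2])
    return framed[2:2 + length], "tcp"

# Constructed stub transports (not captured traffic): echo the question back as a response.
def fake_udp_truncated(query: bytes) -> bytes:
    txid, flags, *counts = HEADER.unpack_from(query)
    return HEADER.pack(txid, flags | QR_BIT | TC_BIT, *counts) + query[HEADER.size:]

def fake_tcp_full(framed_query: bytes) -> bytes:
    q = framed_query[2:]
    txid, flags, *counts = HEADER.unpack_from(q)
    return tcp_frame(HEADER.pack(txid, flags | QR_BIT, *counts) + q[HEADER.size:])

def blocked_tcp(framed_query: bytes) -> bytes:
    raise OSError("connection refused")  # assumed firewall behaviour for tcp/53
```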