What is the sense of telnet on 53 port?

Michael Kjorling michael at kjorling.com
Fri Jul 27 15:40:16 UTC 2001



On Jul 27 2001 01:24 -0700, Kankossa wrote:

> Thank you all for replies.
>
> Now I have the following questions:
>
> - I know that telnet, ftp, smtp, http all must read /etc/resolv.conf.

Do they? smtp and http are _protocols_, not _applications_, and I
assume that you refer to the protocols telnet and ftp as well.
(Actually, in that case, we should be talking about FTP, SMTP and
HTTP.) There is nothing in the RFCs AFAIK saying that they have to
read a specific file or even know how name resolution works. Telnet
predates DNS, if I am not misinformed.

> So, if I do: telnet www.redhat.com 80 and I reach it, this implicitly
> constitutes a test that my DNS works (both gethostbyname() and
> gethostbyaddr() have been performed).

No - it means that you can successfully look up the name
www.redhat.com and reach that one particular IP. It doesn't prove that
"your DNS works" - the way to check that your DNS works would be more
like `dig @localhost www.redhat.com. a +norec' and examining the
output of that.

And why would gethostbyaddr() be called? I am not too much into BSD
sockets programming, but that doesn't seem to make sense to me. Most
telnets say something like:

	$ telnet myhost.corporation.com
	Trying 123.45.67.89...
	Connected to myhost.corporation.com
	...

I don't recall ever seeing the "connected to" host and the one on the
command line (or at least what is being passed to telnet) differ, even
when the given address and the PTR record for the IP are different.


> - Can Bind be forced to use only TCP to communicate?

With open source software, anything is possible. However, if you
remove UDP support from the BIND code base, you will severely limit
your ability to talk to clients that still expect UDP to be there. The
reason UDP is used instead of TCP is because the latter has a
three-way handshake (SYN, SYN/ACK, ACK) as well as a long shutdown
process in addition to the actual communications - which in DNS is
often limited to one packet in either direction. UDP only sends the
actual data.


> - In recent versions of Bind where DNSSEC and IXFR, DDNS, Notify,
> EDNS0 protocols are included, does this mean that TCP must be used
> instead of UDP even for a simple request for address resolution?

No. TCP is used as a failover mechanism in case the answer is too long
to fit into the UDP packet (is it 512 bytes of payload?).

As long as the response can be compressed under 512 bytes, TCP is not
necessary. However, TCP is always used for zone transfers - at least
AXFR. I don't know about IXFR but I assume it is the same there.
Notify has, AFAIK, never been TCP-based. It is simply another type of
DNS query, just like SOA, NS, ANY, A, ... you get the point. DNSSEC is
merely a few more records in addition to that it specifies how those
should be created (by signing a zone), and verified to confirm
authenticity.

Unfortunately I don't have any pointers to the RFCs, but I assume that
RFC 1035 would be good reading in this case. It answers a lot of
questions.


Michael Kjörling

-- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

***** Please only send me emails which concern me *****

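The UDP-first, TCP-only-on-truncation behaviour the reply describes, as an added example that is not part of the original post or of BIND. It builds a plain (non-EDNS0) query, checks the TC bit in the response header, and shows the 2-byte length framing DNS uses over TCP; the server address and the constructed truncated response header are assumptions.

```python
import socket
import struct

UDP_PAYLOAD_LIMIT = 512  # classic DNS/UDP payload cap (RFC 1035), before EDNS0 raised it

def build_query(name, qtype=1, txid=0x1234):
    """Wire-format DNS query for `name` with RD set (qtype 1 = A, 28 = AAAA)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode() for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_header(msg):
    """Return (id, flags, qdcount, ancount, nscount, arcount) of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    return struct.unpack("!HHHHHH", msg[:12])

def is_truncated(msg):
    return bool(parse_header(msg)[1] & 0x0200)  # TC bit: answer was cut, retry over TCP

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def unframe_from_tcp(stream):
    """Split the first length-framed message off a TCP byte stream: (message, rest)."""
    (n,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + n], stream[2 + n:]

def resolve(name, server, timeout=2.0):
    """Send over UDP first; open TCP only if the server set TC. Returns raw response bytes."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))  # server is an assumed resolver address, e.g. 127.0.0.1
        resp, _ = udp.recvfrom(UDP_PAYLOAD_LIMIT)  # no EDNS0 advertised, so 512 is the limit
    if not is_truncated(resp):
        return resp
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(frame_for_tcp(query))
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = tcp.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the TCP connection early")
            buf += chunk
    return unframe_from_tcp(buf)[0]

# Constructed sample (not captured traffic): response header for id 0x1234 with QR, TC, RD, RA set.
TRUNCATED_RESPONSE = bytes.fromhex("123483800001000000000000")
```

Run `resolve("www.redhat.com", "127.0.0.1")` against a local BIND to see the UDP path; only a response with TC set triggers the TCP connection.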



