tcp/udp, clarification please

Simon Waters
Wed Oct 10 16:46:04 UTC 2001

Eoin Miller wrote:
> Basically, it's my understanding that using BIND with only UDP can be a bit
> more secure. My question is this: are there any types of OSes that require
> the resolving server to use TCP? Or are there any other downsides to not
> letting TCP traffic through the firewall?

DNS uses both UDP and TCP. 

Any attempt to implement a DNS service without allowing both is
clearly in breach of the RFCs, and likely to cause incorrect

A common mistake is to block TCP; I've made it myself in earlier
times, but it is wrong to do so.

Cricket Liu gave some examples of resolvers that ONLY use TCP in
this list recently, although they were a pretty esoteric bunch,
and have probably been long since retired.
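As an added illustration of why a firewall that drops TCP/53 breaks lookups (this is example code, not something from the thread or from BIND): a minimal resolver that queries over UDP and, when the server sets the TC bit, retries the same query over TCP as RFC 1123 requires. The server address 192.0.2.1 and the sample replies are constructed for the example.

```python
import socket
import struct
def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal RFC 1035 query for `name` (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the TC bit is set: the answer did not fit in the UDP reply."""
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def udp_query(server, query, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(4096)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def tcp_query(server, query, timeout=2.0):
    """Over TCP each DNS message is prefixed with a 2-byte length (RFC 1035 4.2.2)."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", recv_exact(s, 2))[0]
        return recv_exact(s, length)

def resolve(server, name, udp=udp_query, tcp=tcp_query):
    """UDP first; on a truncated reply retry the same query over TCP (RFC 1123 6.1.3.2)."""
    query = build_query(name)
    response = udp(server, query)
    if not is_truncated(response):
        return response, "udp"
    try:
        return tcp(server, query), "tcp"
    except OSError as exc:
        raise RuntimeError("truncated UDP reply but TCP/53 unreachable; a firewall "
                           "dropping DNS over TCP breaks this lookup") from exc

# Constructed sample replies (not captured traffic): TC bit set vs. clear.
TRUNCATED_REPLY = b"\x12\x34\x83\x80" + b"\x00" * 8
FULL_REPLY = b"\x12\x34\x81\x80" + b"\x00" * 8
```

The `udp` and `tcp` parameters of `resolve` are injectable so the fallback logic can be exercised offline with the constructed replies; against a live server the defaults use real sockets.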
