Disable TCP/53

Danny Mayer mayer at gis.net
Fri Feb 22 05:05:10 UTC 2002

At 01:49 AM 2/21/02, Tan Chun Han/ITNOC/PBB/PBBG wrote:

>Hi phn, as far as I know, DNS should use UDP/53 only and not TCP, that
>our FW is configured for UDP, unless there's zone transfers. As for our
>case, this is only our internal DNS for it to resolve MX records and www
>addresses, therefore we don't need TCP/53 for name server resolving.
Then your FW configuration is broken.  DNS listens on both TCP/53 and UDP/53
and is required to do so. There are a number of cases where the UDP
packet is too small for the response to the query, so the truncation bit is set
on the response so that the request may retry using TCP.
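The TC-bit behaviour Danny describes, as an added example that is not part of the original thread: a minimal resolver-side check that decodes the DNS header of a UDP reply, decides whether the query must be repeated over TCP/53, and shows the 2-byte length framing that DNS over TCP uses. All names, query IDs and reply bytes are constructed for illustration.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1
FLAG_QR = 0x8000  # 1 = this message is a response
FLAG_TC = 0x0200  # 1 = the response was truncated to fit the transport

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: length byte + label, ending in 0x00."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(qid: int, name: str, qtype: int = 15) -> bytes:
    """Build a minimal query (RD=1, one question). Type 15 is MX, class 1 is IN."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}

def needs_tcp_retry(response: bytes) -> bool:
    """True when a server answered over UDP with TC=1: the resolver must repeat
    the query over TCP/53, which a UDP-only firewall rule silently breaks."""
    h = parse_header(response)
    return h["qr"] and h["tc"]

def frame_for_tcp(query: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length
    (RFC 1035 section 4.2.2); the message body itself is unchanged."""
    return struct.pack("!H", len(query)) + query

# Constructed sample traffic (not captured from any real server).
QUERY = build_query(0x1234, "example.com", 15)
# Reply flags 0x8380: QR=1, TC=1, RD=1, RA=1 -> answer did not fit in the UDP reply.
TRUNCATED_REPLY = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
# Reply flags 0x8180: QR=1, RD=1, RA=1, TC=0 -> UDP reply is not truncated.
NORMAL_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for label, reply in (("truncated", TRUNCATED_REPLY), ("normal", NORMAL_REPLY)):
        print(label, "-> retry over TCP:", needs_tcp_retry(reply))
    print("TCP-framed query:", frame_for_tcp(QUERY).hex())
```

A firewall that permits only UDP/53 lets the first exchange through and then drops the TCP retry, so large responses (typically big MX or TXT record sets) fail while small lookups keep working.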


