DNS problem
Barry Margolin
barmar at alum.mit.edu
Tue Mar 2 21:19:27 UTC 2004
In article <c22t0j$1cfm$1 at sf1.isc.org>,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Tue, Mar 02, 2004 at 08:19:11PM +0100,
> HuMPie <humpie at grunn.org> wrote
> a message of 60 lines which said:
>
> > The only ports DNS traffic uses are:
> > - UDP port 53 for resolving
> > - TCP port 53 for zone transfers
>
> This is a common misconception but it is wrong nevertheless.
> Do note that TCP is mandatory for zone transfer but it is allowed for
> other activities (typically, when the reply is too big to fit in the
> UDP packet).
In fact, that's the *only* time it should be used. RFC 1123 says:
   6.1.3.2 Transport Protocols

      DNS resolvers and recursive servers MUST support UDP, and
      SHOULD support TCP, for sending (non-zone-transfer) queries.
      Specifically, a DNS resolver or server that is sending a
      non-zone-transfer query MUST send a UDP query first. If the
      Answer section of the response is truncated and if the
      requester supports TCP, it SHOULD try the query again using
      TCP.

      DNS servers MUST be able to service UDP queries and SHOULD
      be able to service TCP queries. A name server MAY limit the
      resources it devotes to TCP queries, but it SHOULD NOT
      refuse to service a TCP query just because it would have
      succeeded with UDP.
Microsoft Exchange is violating this by sending their initial MX query
using TCP.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
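The UDP-first, retry-on-truncation behaviour that RFC 1123 section 6.1.3.2 describes, as an added example that is not part of the original post or of BIND: a minimal resolver that builds an MX query, inspects the TC bit in the UDP reply, and only then repeats the query over TCP with the two-octet length prefix that DNS over TCP requires (RFC 1035 section 4.2.2). The function names, the transaction ID and the two sample replies are constructed for this example; `resolve()` does a live lookup and is only invoked by hand, while the sample packets let the truncation check run offline.

```python
"""UDP-first DNS query with TCP fallback on truncation (RFC 1123 6.1.3.2).

Added example, not code from the bind-users thread or from BIND. The
helpers, transaction ID and sample packets are hypothetical; the wire
format follows RFC 1035.
"""
import socket
import struct

QTYPE_MX = 15
QCLASS_IN = 1
FLAG_QR = 0x8000   # response bit in the header flags word
FLAG_TC = 0x0200   # truncation bit: the answer did not fit in the UDP reply


def build_query(name, qtype=QTYPE_MX, txid=0x1234):
    """Build a standard recursive query (header + one question) for NAME."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Return the fixed 12-octet header of a DNS message as a dict."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, "tc": bool(flags & FLAG_TC)}


def needs_tcp_retry(query, reply):
    """True when REPLY is a truncated response to QUERY, i.e. when RFC 1123
    says the requester SHOULD repeat the same query over TCP."""
    h = parse_header(reply)
    same_txn = h["id"] == parse_header(query)["id"]
    return same_txn and bool(h["flags"] & FLAG_QR) and h["tc"]


def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-octet big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(data):
    """Strip the length prefix, refusing a frame whose prefix and payload disagree."""
    if len(data) < 2:
        raise ValueError("short TCP frame")
    (n,) = struct.unpack("!H", data[:2])
    if len(data) - 2 != n:
        raise ValueError("length prefix does not match payload")
    return data[2:]


def resolve(name, server, qtype=QTYPE_MX, timeout=3.0):
    """Live lookup: UDP first, TCP only if the UDP answer carries TC.
    Returns (transport_used, raw_reply)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(q, (server, 53))
        reply, _ = u.recvfrom(512)   # 512-octet UDP limit of RFC 1035, hence TC
    if not needs_tcp_retry(q, reply):
        return "udp", reply
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(frame_for_tcp(q))
        buf = b""
        # Read until the length prefix says the whole message has arrived.
        while len(buf) < 2 or len(buf) - 2 < struct.unpack("!H", buf[:2])[0]:
            chunk = t.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the TCP stream early")
            buf += chunk
    return "tcp", unframe_from_tcp(buf)


# Constructed sample packets (not captured traffic): replies to the MX query
# with QR=1, RD=1, RA=1 and an empty answer section; the first also sets TC=1,
# which is what a server sends when the full answer does not fit in UDP.
SAMPLE_QUERY = build_query("example.com")
SAMPLE_TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
SAMPLE_FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print("truncated reply -> retry over TCP:", needs_tcp_retry(SAMPLE_QUERY, SAMPLE_TRUNCATED_REPLY))
    print("complete reply  -> retry over TCP:", needs_tcp_retry(SAMPLE_QUERY, SAMPLE_FULL_REPLY))
    # Live use, e.g. resolve("example.com", "192.0.2.53"), returns ("udp", ...) or ("tcp", ...).
```

The retry is keyed on the TC bit of a reply whose transaction ID matches the outstanding query; a client that opens TCP for every query, as the post says Exchange does, skips the UDP step entirely and so never sees a TC bit at all.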