DNS problem

Mark Andrews Mark_Andrews at isc.org
Tue Mar 2 22:14:31 UTC 2004


> In article <c22t0j$1cfm$1 at sf1.isc.org>,
>  Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> 
> > On Tue, Mar 02, 2004 at 08:19:11PM +0100,
> >  HuMPie <humpie at grunn.org> wrote 
> >  a message of 60 lines which said:
> > 
> > > The only ports the DNS traffic uses are:
> > > - UDP port 53 for resolving
> > > - TCP port 53 for zone transfers
> > 
> > This is a common misconception but it is wrong nevertheless.
> > Do note that TCP is mandatory for zone transfer but it is allowed for
> > other activities (typically, when the reply is too big to fit in the
> > UDP packet).
> 
> In fact, that's the *only* time it should be used.  RFC 1123 says:
> 
>          6.1.3.2  Transport Protocols
> 
>             DNS resolvers and recursive servers MUST support UDP, and
>             SHOULD support TCP, for sending (non-zone-transfer) queries.
>             Specifically, a DNS resolver or server that is sending a
>             non-zone-transfer query MUST send a UDP query first.  If the
>             Answer section of the response is truncated and if the
>             requester supports TCP, it SHOULD try the query again using
>             TCP.
> 
>             DNS servers MUST be able to service UDP queries and SHOULD
>             be able to service TCP queries.  A name server MAY limit the
>             resources it devotes to TCP queries, but it SHOULD NOT
>             refuse to service a TCP query just because it would have
>             succeeded with UDP.

	The DNS has evolved a lot since RFC 1123 was written.

	OPCODEs other than QUERY are now widely used and for some
	of them it is better / recommended to use TCP.  UPDATE is
	an example.

	In other words, if you run a nameserver you should expect
	TCP requests, so you should be listening for TCP requests.
	You can't know in advance what requests your clients will
	be making.

> Microsoft Exchange is violating this by sending their initial MX query 
> using TCP.

	Agreed.  

	Mark
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
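
Added example, not part of the original message or of BIND: a sketch of the transport rules discussed in this thread (UDP first for ordinary queries, TCP retry on a truncated reply, TCP for zone transfers and UPDATE), working on raw DNS message bytes. The function names, the sample query for example.com and the truncated reply are constructed for illustration; sending UPDATE over TCP first is an assumption taken from the remark in the message above.

```python
import struct

OPCODE_QUERY, OPCODE_UPDATE = 0, 5   # opcode values from RFC 1035 / RFC 2136
QTYPE_MX, QTYPE_AXFR = 15, 252
TC_BIT = 0x0200                      # truncation flag in the header flags word

def build_message(qid, opcode, name, qtype):
    """Minimal DNS message: 12-byte header plus one question (class IN)."""
    flags = (opcode & 0xF) << 11
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Extract the header fields that drive the transport decision."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags = struct.unpack("!HH", msg[:4])
    return {"id": qid, "qr": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "tc": bool(flags & TC_BIT)}

def first_transport(opcode, qtype):
    """Transport a client uses for its first attempt."""
    if opcode == OPCODE_QUERY and qtype == QTYPE_AXFR:
        return "tcp"   # zone transfer: TCP is mandatory
    if opcode == OPCODE_UPDATE:
        return "tcp"   # assumption from the post: TCP is better for UPDATE
    return "udp"       # RFC 1123 6.1.3.2: other queries go out over UDP first

def needs_tcp_retry(query, udp_response):
    """True when the UDP reply answers this query and has the TC bit set."""
    q, r = parse_header(query), parse_header(udp_response)
    return r["qr"] and r["id"] == q["id"] and r["tc"]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample: an MX query and a truncated reply carrying the same ID.
QUERY = build_message(0x1234, OPCODE_QUERY, "example.com", QTYPE_MX)
TRUNCATED_REPLY = struct.pack("!HH", 0x1234, 0x8000 | TC_BIT) + QUERY[4:]

if __name__ == "__main__":
    print("first attempt:", first_transport(OPCODE_QUERY, QTYPE_MX))
    print("retry over TCP:", needs_tcp_retry(QUERY, TRUNCATED_REPLY))
    print("TCP length prefix:", frame_for_tcp(QUERY)[:2].hex())
```

A server or firewall that only accepts UDP port 53 leaves the client with nowhere to go once `needs_tcp_retry` is true, which is the failure the thread is about.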

