Unexpected outgoing DNS traffic & "connection reset"

Merton Campbell Crockett mcc at CATO.GD-AIS.COM
Sun Oct 30 16:28:28 UTC 2005


On Sun, 30 Oct 2005, Steve Snyder wrote:

> I'm running BIND 9.2.1 (with security patches) on a Linux system.  My 
> nameserver should only be satisfying requests from the local network, and 
> caching resolutions from outside the network.  So why do I have outgoing 
> TCP traffic to destination port 53?
> 
> Here's a snippet of my named.conf:
> 
>    listen-on { 127.0.0.1; 192.168.0.1; };
>    allow-query { 127.0.0.1; 192.168.0/24; };
>    allow-transfer { 192.168.0/24; };
> 
> On my nameserver machine interface eth0 is 192.168.0.1 on a 192.168.0/24 
> network, and interface eth1 faces the internet (IP is obscured below as 
> "aaa.bbb.ccc.ddd").
> 
> My understanding is that TCP is only used when transferring a zone which 
> is too large to fit into a UDP packet.  Given that I am (in theory) not 
> transferring zones outside my LAN, there should be no need for outgoing 
> TCP traffic to port 53, right?

The days of only needing UDP port 53 to perform DNS queries are long over.  
There are a number of domains that will require you to use TCP just to get 
the list of name servers to query.

Merton Campbell Crockett


-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc at CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
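The fallback that produces the outbound TCP/53 traffic asked about above, as an added example that is not part of the thread: a stub resolver sends its query over UDP, and when the answer does not fit in the classic 512-byte UDP payload (no EDNS0) the server returns only the question section with the TC bit set, so the resolver must repeat the same query over TCP, where each message carries a 2-byte length prefix (RFC 1035 section 4.2, RFC 7766). The "authoritative server" below is a constructed in-memory stand-in and the zone contents are made up; `resolve_ns`, `fake_authoritative` and the nameserver names are assumptions for the demonstration. A delegation with many or long NS names is exactly the case where this happens, so a firewall in front of a caching resolver has to allow outbound TCP/53 as well as UDP/53.

```python
import struct

# Added example (not code from the thread): UDP query, TC bit, retry over TCP.
# The server side is a constructed stand-in for a real authoritative server.

UDP_MAX = 512                 # classic UDP payload limit without EDNS0
QTYPE_NS, QCLASS_IN = 2, 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080
QUERY_ID = 0x1234             # fixed ID so the response check below is simple


def encode_name(name):
    """Encode a dotted name in DNS wire format (no compression)."""
    out = b""
    for label in name.strip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_NS, qid=QUERY_ID):
    """One-question query with RD set, as a stub resolver would send it."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Pull the fields a resolver needs from the 12-byte header."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "tc": bool(flags & FLAG_TC), "ancount": an}


def fake_authoritative(query, nameservers, max_size=None):
    """Constructed server: answer an NS query with one record per name.
    If the full message exceeds max_size (the UDP case), reply with only
    the question section and the TC bit set, as RFC 1035 prescribes."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]                      # our queries hold one question
    flags = FLAG_QR | FLAG_RD | FLAG_RA
    answers = b""
    for ns in nameservers:
        rdata = encode_name(ns)
        # 0xC00C is a compression pointer to the owner name in the question
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_NS, QCLASS_IN,
                                              3600, len(rdata)) + rdata
    msg = struct.pack("!HHHHHH", qid, flags, 1, len(nameservers), 0, 0)
    msg += question + answers
    if max_size is not None and len(msg) > max_size:
        msg = struct.pack("!HHHHHH", qid, flags | FLAG_TC, 1, 0, 0, 0) + question
    return msg


def resolve_ns(name, nameservers):
    """Return (transport_used, ns_record_count) for an NS lookup of name
    against the fake server; 'tcp' means the UDP answer was truncated."""
    q = build_query(name)
    resp = fake_authoritative(q, nameservers, max_size=UDP_MAX)   # UDP leg
    hdr = parse_header(resp)
    if hdr["id"] != QUERY_ID:
        raise ValueError("response ID does not match query")
    if not hdr["tc"]:
        return "udp", hdr["ancount"]
    # TC set: repeat the identical query over TCP with a 2-byte length prefix
    framed = struct.pack("!H", len(q)) + q
    (n,) = struct.unpack("!H", framed[:2])
    tcp_resp = fake_authoritative(framed[2:2 + n], nameservers)   # no UDP limit
    return "tcp", parse_header(tcp_resp)["ancount"]


if __name__ == "__main__":
    few = ["ns%02d.nameserver-provider-example.net" % i for i in range(4)]
    many = ["ns%02d.nameserver-provider-example.net" % i for i in range(13)]
    print(resolve_ns("example.com", few))    # fits in UDP: ('udp', 4)
    print(resolve_ns("example.com", many))   # truncated, retried: ('tcp', 13)
```

With four NS records the whole answer is under 512 bytes and the UDP reply is used as-is; with thirteen it is not, the UDP reply comes back with TC set and no answers, and the resolver only gets the full NS set after the TCP retry. On a real caching resolver that retry is the outbound TCP/53 connection seen in the original question, and blocking it turns such lookups into timeouts or SERVFAIL rather than silence.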
