Forcing BIND to use TCP (and not UDP)?
Mark Andrews
Mark_Andrews at isc.org
Mon Sep 26 23:35:20 UTC 2005
> I have an Internet-facing Solaris box (via a firewall) that's running
> BIND 9.2.3 and I'm seeing long delays in resolving names through it
> (it's not authoritative for any zones).
Upgrade and run "named -4" or get IPv6 connectivity.
> My current hypothesis is that the firewall is wrongly configured so
> that it allows outbound TCP to dport 53 but is blocking UDP. I think
> I've confirmed that by running "nc" on a remote system listening on
> both tcp/53 and udp/53. An nc client on my Solaris box can talk quite
> happily to the remote server using TCP but not at all using UDP. I'm
> assuming that named tries UDP first, times out, then tries TCP and
> gets a response, hence the delays.
No.
> Just to confirm the diagnosis, I'd like, if it's possible, to force
> named on the Solaris box to use TCP only. Can anyone advise if this
> is possible? I've found a usenet article that implies it is but
> doesn't say how to do it and I can't find anything relevant in "DNS
> and BIND".
>
> Suggestions much appreciated.
>
> Mike.
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
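
The UDP-versus-TCP reachability check described in the quoted question can be run as real DNS queries rather than with "nc". The following is an added example, not part of the original thread: it times one query over each transport, so a silently dropped UDP packet shows up as a timeout. The function names, the query name example.com and the address 192.0.2.53 are placeholders chosen for illustration.

```python
import socket, struct, sys, time

def build_query(name, qtype=1, qid=0x1234):
    """Encode a minimal recursive DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:  # a stream socket may return fewer bytes than asked for
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def query(server, name, transport, port=53, timeout=3.0):
    """Send one query over 'udp' or 'tcp'; return (status, elapsed_seconds)."""
    msg = build_query(name)
    kind = socket.SOCK_DGRAM if transport == "udp" else socket.SOCK_STREAM
    start = time.monotonic()
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if transport == "udp":
                s.send(msg)
                reply = s.recv(4096)
            else:
                s.sendall(struct.pack("!H", len(msg)) + msg)  # 2-byte length prefix
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                reply = _recv_exact(s, length)
        if len(reply) < 12 or reply[:2] != msg[:2]:
            status = "malformed reply"
        else:  # low 4 bits of byte 3 are RCODE; bit 0x02 of byte 2 is TC
            status = "rcode=%d%s" % (reply[3] & 0x0F,
                                     " truncated" if reply[2] & 0x02 else "")
    except socket.timeout:
        status = "timeout"  # no answer at all, as when a firewall drops the packet
    except OSError as exc:
        status = "error: " + type(exc).__name__
    return status, time.monotonic() - start

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; pass the server to test as argv[1].
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    for transport in ("udp", "tcp"):
        print(transport, *query(server, "example.com", transport))
```

A "timeout" on udp next to an "rcode=" result on tcp against the same server is the pattern the question's hypothesis predicts; matching results on both transports point elsewhere.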