Forcing BIND to use TCP (and not UDP)?

Mark Andrews Mark_Andrews at isc.org
Mon Sep 26 23:35:20 UTC 2005


> I have an Internet-facing Solaris box (via a firewall) that's running
> BIND 9.2.3 and I'm seeing long delays in resolving names through it
> (it's not authoritative for any zones).

	Upgrade and run "named -4" or get IPv6 connectivity.

> My current hypothesis is that the firewall is wrongly configured so
> that it allows outbound TCP to dport 53 but is blocking UDP.  I think
> I've confirmed that by running "nc" on a remote system listening on
> both tcp/53 and udp/53.  An nc client on my Solaris box can talk quite
> happily to the remote server using TCP but not at all using UDP.  I'm
> assuming that named tries UDP first, times out, then tries TCP and
> gets a response, hence the delays.

	No.
 
> Just to confirm the diagnosis, I'd like, if it's possible, to force
> named on the Solaris box to use TCP only.  Can anyone advise if this
> is possible?  I've found a usenet article that implies it is but
> doesn't say how to do it and I can't find anything relevant in "DNS
> and BIND".
> 
> Suggestions much appreciated.
> 
> Mike.
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
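
Added example, not part of the original message or of BIND: a way to test UDP and TCP separately with a real DNS query, which is a more direct check than the generic nc test described in the quoted question. The function names, the default query name and the 192.0.2.53 placeholder address are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal RFC 1035 query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p for p in name.rstrip(".").encode("ascii").split(b".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message arrived")
        buf += chunk
    return buf

def query_udp(server, port, msg, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))
        s.send(msg)
        return s.recv(4096)

def query_tcp(server, port, msg, timeout=2.0):
    # DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2).
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)

def probe(server, port=53, name="example.com"):
    """Return {'udp': bool, 'tcp': bool}: did each transport return a matching reply?"""
    msg = build_query(name)
    result = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            reply = fn(server, port, msg)
            # A valid reply echoes the query ID and has the QR bit set.
            result[label] = len(reply) >= 12 and reply[:2] == msg[:2] and bool(reply[2] & 0x80)
        except OSError:  # timeout, connection refused, network unreachable
            result[label] = False
    return result

if __name__ == "__main__":
    # 192.0.2.53 is a documentation address (placeholder); substitute a real server.
    print(probe("192.0.2.53"))
```

A result of {'udp': False, 'tcp': True} against a server known to answer on both transports points at UDP filtering on the path rather than at the server.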


