Usage of TCP/53

Peter Dambier peter at peter-dambier.de
Fri Sep 29 07:50:03 UTC 2006


Barry Margolin wrote:
> In article <efh5ui$2dk2$1 at sf1.isc.org>,
>  Peter Dambier <peter at peter-dambier.de> wrote:
> 
> 
>>All queries can be either UDP or TCP.
> 
> 
> Not quite.  The standards say that except for zone transfers, the client 
> MUST try UDP first, and only switch to TCP if the UDP response is 
> truncated.  So if all your responses fit in 500 bytes, TCP should never 
> be needed for non-transfer queries.
> 
> 
>> Sometimes servers, routers or
>>firewalls are broken and TCP is your only chance.
> 
> 
> Never heard of this case.  The usual problem is that TCP/53 is blocked 
> at the firewall, not UDP/53.  I've never heard of any common client 
> implementations automatically trying TCP when UDP times out, so if your 
> network only allows TCP then I'd expect 99% of queries to fail 
> completely.
> 

There has been an issue with Windows

"Mail may not be delivered to certain domains if Server OS is Windows Server 2003"
http://support.microsoft.com/?id=820284

Some of those boxes are still outside and I guess they are not the only ones.


and with World Nic

"Worldnic Bug"
http://www.simpledns.com/kb.asp?kbid=1161

On NANOG

"using TCP53 for DNS"
http://www.merit.edu/mail.archives/nanog/2005-04/msg00746.html

"Problems with NS*.worldnic.com"
http://www.merit.edu/mail.archives/nanog/2005-04/msg00714.html


I remember DNS would use TCP on packet radio links (MTU < 256) when outside
routers did not understand ICMP (broken firewalls). The problem was in the routers splitting and
reassembling packets so the resulting packet size was > 512 and sometimes bigger
than the secret MTU of the broken firewalls.


Kind regards
Peter and Karin

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
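
The UDP-first, TCP-on-truncation behaviour discussed in this thread, as an added Python example that is not part of the original message or of BIND. The `send_udp` and `send_tcp` transport callables, the transaction ID and the reply bytes are constructed assumptions so the block runs offline.

```python
import struct

TC_BIT = 0x0200  # TC (truncated) flag in the DNS header flags word, RFC 1035

def build_query(qname, qtype=1, txid=0x1A2B):
    """Minimal query: RD set, one question, class IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def header_fields(msg):
    """Return (txid, truncated) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags = struct.unpack("!2H", msg[:4])
    return txid, bool(flags & TC_BIT)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(data):
    """Strip the 2-byte length prefix and return exactly one message."""
    (length,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]

def resolve(query, send_udp, send_tcp):
    """UDP first; go to TCP only when the UDP answer has TC set.
    send_udp/send_tcp are hypothetical transport callables (bytes -> bytes)."""
    qid, _ = header_fields(query)
    reply = send_udp(query)
    rid, truncated = header_fields(reply)
    if rid != qid:
        raise ValueError("transaction ID mismatch")
    if not truncated:
        return "udp", reply
    reply = tcp_unframe(send_tcp(tcp_frame(query)))
    if header_fields(reply)[0] != qid:
        raise ValueError("transaction ID mismatch")
    return "tcp", reply

# Constructed replies (header, question and padding only; not real answers).
QUERY = build_query("example.com")
UDP_TRUNCATED = struct.pack("!6H", 0x1A2B, 0x8380, 1, 0, 0, 0) + QUERY[12:]
TCP_FULL = struct.pack("!6H", 0x1A2B, 0x8180, 1, 0, 0, 0) + QUERY[12:] + b"\x00" * 600

def demo():
    return resolve(QUERY, lambda q: UDP_TRUNCATED, lambda f: tcp_frame(TCP_FULL))
```

If TCP/53 is blocked at the firewall, the `send_tcp` step is the one that fails, which is why a truncated UDP reply then leaves the client with no usable answer.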



More information about the bind-users mailing list