Usage of TCP/53
Peter Dambier
peter at peter-dambier.de
Fri Sep 29 07:50:03 UTC 2006
Barry Margolin wrote:
> In article <efh5ui$2dk2$1 at sf1.isc.org>,
> Peter Dambier <peter at peter-dambier.de> wrote:
>
>
>>All queries can be either UDP or TCP.
>
>
> Not quite. The standards say that except for zone transfers, the client
> MUST try UDP first, and only switch to TCP if the UDP response is
> truncated. So if all your responses fit in 500 bytes, TCP should never
> be needed for non-transfer queries.
>
>
>> Sometimes servers, routers or
>>firewalls are broken and TCP is your only chance.
>
>
> Never heard of this case. The usual problem is that TCP/53 is blocked
> at the firewall, not UDP/53. I've never heard of any common client
> implementations automatically trying TCP when UDP times out, so if your
> network only allows TCP then I'd expect 99% of queries to fail
> completely.
>
There has been an issue with Windows:

"Mail may not be delivered to certain domains if Server OS is Windows Server 2003"
http://support.microsoft.com/?id=820284

Some of those boxes are still outside and I guess they are not the only ones.

And with World Nic:

"Worldnic Bug"
http://www.simpledns.com/kb.asp?kbid=1161

On NANOG:

"using TCP53 for DNS"
http://www.merit.edu/mail.archives/nanog/2005-04/msg00746.html

"Problems with NS*.worldnic.com"
http://www.merit.edu/mail.archives/nanog/2005-04/msg00714.html

I remember DNS would use TCP on packet radio links (MTU < 256) when outside
routers did not understand ICMP (broken firewalls). The problem was in the routers splitting and
reassembling packets so the resulting packet size was > 512 and sometimes bigger
than the secret MTU of the broken firewalls.

Kind regards
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
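
Added example (not part of the original message and not BIND code): the client rule described in the quoted reply, UDP first and TCP only when the response has the TC bit set, written out in Python. The function names and the sample packets are constructed for illustration; the timeout branch models the behaviour the quoted reply describes.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the 16-bit DNS header flags word

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header (RD set), one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the server set TC, i.e. the answer did not fit in the UDP reply."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP sends each message behind a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Return the first complete DNS message in a TCP byte stream, else None."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length] if len(stream) >= 2 + length else None

def next_step(query, udp_response):
    """Decide what the client does after the UDP attempt."""
    if udp_response is None:
        return ("fail", None)        # timeout: no TCP retry, as the quoted reply describes
    if udp_response[:2] != query[:2]:
        return ("ignore", None)      # transaction ID mismatch, not our answer
    if is_truncated(udp_response):
        return ("retry_tcp", frame_for_tcp(query))
    return ("accept", udp_response)

# Constructed sample packets (not captured traffic): same question, different flags.
QUERY = build_query("example.com")
TRUNCATED = QUERY[:2] + struct.pack("!H", 0x8380) + QUERY[4:]  # QR+TC+RD+RA
COMPLETE = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:]   # QR+RD+RA

if __name__ == "__main__":
    for label, resp in (("truncated", TRUNCATED), ("complete", COMPLETE), ("timeout", None)):
        print(label, "->", next_step(QUERY, resp)[0])
```

When TCP/53 is blocked at the firewall, only the retry_tcp branch fails, so answers that fit in a UDP reply keep working while truncated ones are lost.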
More information about the bind-users mailing list