Usage of TCP/53

Peter Dambier peter at
Fri Sep 29 07:50:03 UTC 2006

Barry Margolin wrote:
> In article <efh5ui$2dk2$1 at>,
>  Peter Dambier <peter at> wrote:
>>All queries can be either UDP or TCP.
> Not quite.  The standards say that except for zone transfers, the client 
> MUST try UDP first, and only switch to TCP if the UDP response is 
> truncated.  So if all your responses fit in 500 bytes, TCP should never 
> be needed for non-transfer queries.
>> Sometimes servers, routers or
>>firewalls are broken and TCP is your only chance.
> Never heard of this case.  The usual problem is that TCP/53 is blocked 
> at the firewall, not UDP/53.  I've never heard of any common client 
> implementations automatically trying TCP when UDP times out, so if your 
> network only allows TCP then I'd expect 99% of queries to fail 
> completely.

There has been an issue with Windows

"Mail may not be delivered to certain domains if Server OS is Windows Server 2003"

Some of those boxes are still outside and I guess they are not the only ones.

and with World Nic

"Worldnic Bug"

"using TCP53 for DNS"

"Problems with NS*"

I remember DNS would use TCP on packet-radio links (MTU < 256) when outside
routers did not understand ICMP (broken firewalls). The problem was in the routers splitting and
reassembling packets, so the resulting packet size was > 512 and sometimes bigger
than the secret MTU of the broken firewalls.

Kind regards
Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP:
mail: peter at
mail: peter at
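The UDP-first, TCP-only-on-truncation rule Barry quotes, as an added example that is not from the thread: a minimal Python client-side check of the TC bit plus the 2-byte TCP length framing, with constructed replies standing in for a real server (the udp_send/tcp_send callback names are an assumption of this example).

```python
import struct

TC_BIT = 0x0200  # truncation flag in the DNS header flags word (RFC 1035)

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query in wire format: header, QNAME labels, QTYPE, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the server set TC, i.e. the full answer did not fit the UDP reply."""
    if len(response) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & TC_BIT)

def tcp_frame(message):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def tcp_unframe(stream):
    """Strip the 2-byte length prefix and return the message it delimits."""
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]

def resolve(query, udp_send, tcp_send):
    """RFC 1035 client rule: UDP first, TCP only when the UDP reply is truncated.
    udp_send/tcp_send are transport callbacks (assumed interface); a UDP timeout
    propagates as an error, since there is no standard fall-through to TCP."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return reply, "udp"
    return tcp_unframe(tcp_send(tcp_frame(query))), "tcp"

# Constructed sample replies (not captured traffic): flags 0x8380 = QR|TC|RD|RA for
# the truncated UDP answer, 0x8180 = QR|RD|RA for the complete answer over TCP.
TRUNCATED_UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + b"<answer section>"

def demo():
    """Simulate a server whose answer exceeds the UDP limit; report the transport used."""
    query = build_query("example.com")
    fake_udp = lambda q: TRUNCATED_UDP_REPLY
    fake_tcp = lambda framed: tcp_frame(FULL_REPLY)
    return resolve(query, fake_udp, fake_tcp)

if __name__ == "__main__":
    reply, transport = demo()
    print(transport, len(reply))
```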
