Diagnostic help part 2

John Anderson johna at ccbill.com
Wed Oct 1 19:51:54 UTC 2014

>If you would be so kind as to run the nmap test again from your location and let >me know if you're seeing the correct - or at least *more* correct answers, I'd >appreciate it.


It looks good now.

Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-01 12:47 MST
Nmap scan report for www3.greenbuilder.com (
Host is up (0.087s latency).
53/tcp open  domain
53/udp open  domain

>I know Bill's issue is solved, but I want to point out that anyone running DNS >would be wise to not block TCP/53. TCP service for queries is specified in the >protocol design, and not just for transfers. Failing UDP queries should result in >retries over TCP
>With response sizes growing (dnssec, ipv6), answers are more likely to be too >large for UDP.


Good advice leaving TCP/53 open as well.  I haven't done much in the way of IPv6, but one thing is certain.  It's coming, and DNS responses aren't going to get any smaller.   It's best to be future ready.


John A.

More information about the bind-users mailing list