DNS Flag Day: I had to open the TCP/53 port
Jeronimo L. Cabral
jelocabral at gmail.com
Mon Feb 4 14:07:34 UTC 2019
Ben, thanks a lot !!!
Regards
On Mon, Feb 4, 2019 at 11:04 AM Ben Croswell <ben.croswell at gmail.com> wrote:
> When a DNS response is too large to fit in a single UDP packet, 512 bytes
> up to 4k with edns, the DNS server will respond with as much as it can fit
> in the UDP packet. It will also set the truncate, TC, bit to let the client
> doing the query that the answer is truncated and the client should query
> again over TCP for the full answer.
>
> The TC bit is also used in conjunction with RRL.
>
> On Mon, Feb 4, 2019, 8:57 AM Roberto Carna <robertocarna36 at gmail.com
> wrote:
>
>> Thanks Ben for your response, can you tell me the types of TCP traffic I
>> have to expect in BIND, excepting Zone Tansfer?
>>
>> Thans a lot again!!!
>>
>> El lun., 4 feb. 2019 a las 10:50, Ben Croswell (<ben.croswell at gmail.com>)
>> escribió:
>>
>>> BIND has always required UDP and TCP 53 for proper functionality. It
>>> sometimes mistakenly believed that TCP is only for zone transfers but that
>>> is not the case.
>>>
>>> On Mon, Feb 4, 2019, 8:46 AM Roberto Carna <robertocarna36 at gmail.com
>>> wrote:
>>>
>>>> Dear, I have a BIND 9.10 public server and I have delegated some public
>>>> domains.
>>>>
>>>> When I test these domains with the EDNS tool offered in the DNS Flag
>>>> Day webpage, the test was wrong wit just UDP/53 port opened to Internet.
>>>>
>>>> After that, when I opened also TCP/53 port, the test was succesful.
>>>>
>>>> Please can you explain me the reason I have to open TCP/53 port to
>>>> Internet from February 1st to the future???
>>>>
>>>> Really thanks, regards.
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>>
>>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190204/2c9b61b2/attachment.html>
More information about the bind-users
mailing list