DNS problem
Mark Andrews
Mark_Andrews at isc.org
Tue Mar 2 22:14:31 UTC 2004
> In article <c22t0j$1cfm$1 at sf1.isc.org>,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> > On Tue, Mar 02, 2004 at 08:19:11PM +0100,
> > HuMPie <humpie at grunn.org> wrote
> > a message of 60 lines which said:
> >
> > > The only ports the DNS traffic uses are:
> > > - UDP port 53 for resolving
> > > - TCP port 53 for zone transfers
> >
> > This is a common misconception but it is wrong nevertheless.
> > Do note that TCP is mandatory for zone transfer but it is allowed for
> > other activities (typically, when the reply is too big to fit in the
> > UDP packet).
>
> In fact, that's the *only* time it should be used. RFC 1123 says:
>
> 6.1.3.2 Transport Protocols
>
> DNS resolvers and recursive servers MUST support UDP, and
> SHOULD support TCP, for sending (non-zone-transfer) queries.
> Specifically, a DNS resolver or server that is sending a
> non-zone-transfer query MUST send a UDP query first. If the
> Answer section of the response is truncated and if the
> requester supports TCP, it SHOULD try the query again using
> TCP.
>
> DNS servers MUST be able to service UDP queries and SHOULD
> be able to service TCP queries. A name server MAY limit the
> resources it devotes to TCP queries, but it SHOULD NOT
> refuse to service a TCP query just because it would have
> succeeded with UDP.

The DNS has evolved a lot since RFC 1123 was written.
OPCODEs other than QUERY are now widely used and for some
of them it is better / recommended to use TCP. UPDATE is
an example.

In other words, if you run a nameserver you should expect
TCP requests, so you should be listening for TCP requests.
You can't know in advance what requests your clients will
be making.

> Microsoft Exchange is violating this by sending their initial MX query
> using TCP.
Agreed.
Mark
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
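
Added example (not part of the original message, and not ISC or BIND code): a minimal Python client for the RFC 1123 section 6.1.3.2 behaviour quoted above, sending the query over UDP first and retrying over TCP only when the reply has the TC bit set. The function names, the fixed transaction ID and the injectable udp/tcp transports are assumptions made for this illustration.

```python
import socket
import struct

TC_BIT = 0x0200  # truncation flag in the 16-bit DNS header flags word

def build_query(name, qtype=15, txid=0x1234):
    """Standard QUERY (opcode 0) with RD set; qtype 15 is MX.
    The txid is fixed for illustration; real resolvers randomise it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def is_truncated(msg):
    """True when the TC bit is set in a DNS message header."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)

def udp_exchange(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def tcp_exchange(server, query, timeout=3.0):
    """DNS over TCP prefixes every message with a 2-byte length."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        f = s.makefile("rb")
        prefix = f.read(2)
        if len(prefix) < 2:
            raise ConnectionError("server closed TCP connection early")
        (length,) = struct.unpack("!H", prefix)
        return f.read(length)

def lookup(server, name, qtype=15, udp=udp_exchange, tcp=tcp_exchange):
    """UDP first; retry over TCP only if the UDP reply is truncated."""
    query = build_query(name, qtype)
    reply = udp(server, query)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    if not is_truncated(reply):
        return "udp", reply
    try:
        return "tcp", tcp(server, query)
    except OSError as exc:
        # This is what a client sees when TCP port 53 is filtered.
        raise RuntimeError("reply truncated and TCP/53 unreachable") from exc
```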