Can I forward DNS request using TCP?
Dan Mahoney, System Admin
danm at prime.gushi.org
Tue Jul 22 01:01:23 UTC 2008
On Mon, 21 Jul 2008, Chris Buxton wrote:
> I suspect forwarding is not the best solution for you, but if you feel
> you must...
>
> There is no way to configure BIND to send all queries to a forwarder
> over TCP instead of UDP. And the operator of that forwarder probably
> wouldn't appreciate it if you could.
>
> If the UDP packets aren't arriving, check all the firewalls in between
> (and at both ends). Make sure you're sending the packets to a DNS
> server. Verify with the server's operator that this is OK.
>
> Or, alternatively, forward somewhere else. opendns.com's forwarders,
> for example.
Chris,
This is off-topic, but related (if that makes sense).
I too have wondered about such a request. Oftentimes, when traveling by
train (commuting to NYC a few years ago) and using a crappy GPRS
connection, I found web surfing to be almost impossible unless I
prepopulated my hosts file and did some creative proxying. However, for
non-proxyable services, I would use the IP rather than the name for hosts
that I routinely logged into (via SSH, IMAP and AIM) where the actual data
side was low-volume.
I realized that if the OS's DNS was TCP based (with a 60-second connect
timeout, and guaranteed retransmissions) it would solve these issues --
assume that I control my own DNS server and know I allow TCP.
However, since the "just use TCP" option's not available in any of the
OSes I've used (but really should be), I realized that a local, caching
BIND (which supported a similar option) could also be useful, on some
level.
I.e. the host's FIRST attempt to resolve and connect would fail (since it
would still time out waiting for the OS talking UDP to its local BIND to
do the TCP connection) -- but subsequent ones would work, since BIND could
hand off a very low negative TTL and maintain cache. After that, once it
was in cache, all could be well.
I should note that this is one of the VERY FEW cases where I advocate
overriding TTLs... and also one of the very few cases where I see the
advantage in loading from a cache of pre-populated hosts.
This is very much against a lot of the DNS standards and protocols...but
then, cellular internet is hardly standard.
-Dan
--
"A single death is a tragedy. A million deaths is a statistic."
-Josef Stalin, As quoted on the cover to Savatage's "Dead Winter Dead"
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
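The thread turns on the fact that DNS over TCP is a different transport framing from UDP: every message on a TCP connection is prefixed with a 16-bit length. Below is an added example (Python, written for this page; not code from the thread, from BIND or from any OS resolver) of a TCP-only stub resolver of the kind Dan wishes the OS offered: it builds an A query, frames it for TCP, and parses the reply, including compressed names. The server address, the name `example.test`, the address `192.0.2.1` and the reply in `constructed_response` are constructed sample values, and `query_tcp` relies on a blocking socket with a timeout and does no retry or UDP fallback.

```python
import socket, struct

def build_query(qname, txid=0x1234, qtype=1):
    """Minimal RFC 1035 query: header with RD set, one question of class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def frame_tcp(msg):  # DNS over TCP: 16-bit big-endian length prefix (RFC 1035 4.2.2)
    return struct.pack(">H", len(msg)) + msg

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + ln

def parse_a_records(msg, txid):
    """IPv4 answers from a response whose ID matches txid and whose RCODE is 0, else []."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def query_tcp(server, qname, timeout=60.0, port=53):
    """Resolve qname over TCP only: read the 2-byte length, then exactly that many bytes."""
    txid = 0x1234
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(frame_tcp(build_query(qname, txid)))
        f = s.makefile("rb")
        (n,) = struct.unpack(">H", f.read(2))
        return parse_a_records(f.read(n), txid)

def constructed_response(txid=0x1234):
    """Constructed sample reply (not captured): example.test A 192.0.2.1, TTL 300, compressed name."""
    hdr = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    ans = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return hdr + build_query("example.test", txid)[12:] + ans
```

A reply whose transaction ID does not match the query is discarded, which is the same check a resolver uses to reject stray or forged answers.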