UDP vs TCP

Thu Mar 15 13:21:40 UTC 2001

On 15 Mar 2001, Michael S Scheidell wrote:
> Brad: I assist in a Distributed Intrusion Detection system, and best I can
> tell, the only tcp port 53's I get are from hackers trying to find out
> more about our servers (and some old versions of the f5.com 3-dns server)
> Can you give me examples of when a normal 'query' would use tcp port53?

Responses exceeding 512 bytes are truncated and the truncate bit set.
The querying system can then submit the query via tcp to get the
full response.