Forcing BIND to use TCP (and not UDP)?

Mike
Sun Sep 25 17:36:07 UTC 2005

I have an Internet-facing Solaris box (via a firewall) that's running
BIND 9.2.3 and I'm seeing long delays in resolving names through it
(it's not authoritative for any zones).

My current hypothesis is that the firewall is wrongly configured so
that it allows outbound TCP to dport 53 but is blocking UDP.  I think
I've confirmed that by running "nc" on a remote system listening on
both tcp/53 and udp/53.  An nc client on my Solaris box can talk quite
happily to the remote server using TCP but not at all using UDP.  I'm
assuming that named tries UDP first, times out, then tries TCP and
gets a response, hence the delays.

Just to confirm the diagnosis, I'd like, if it's possible, to force
named on the Solaris box to use TCP only.  Can anyone advise if this
is possible?  I've found a usenet article that implies it is but
doesn't say how to do it and I can't find anything relevant in "DNS
and BIND".

Suggestions much appreciated.
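The nc test above checks raw reachability of tcp/53 and udp/53 but says nothing about what a DNS server would actually answer on each transport. The following is an added example, not from the original post or from BIND: a small Python probe that builds a real DNS query, sends it once over UDP and once over TCP (with the two-byte length prefix that RFC 1035 requires on TCP), and reports per transport whether a reply came back, timed out, or was refused. It also includes a constructed loopback responder used only to exercise the probe offline; the responder can be told to silently drop UDP queries, which reproduces the "TCP works, UDP is dropped by the firewall" symptom. Function and fixture names (`probe`, `start_loopback_responder`) are this example's own.

```python
"""Added example: probe a DNS server over UDP and over TCP and compare outcomes."""
import socket
import struct
import sys
import threading

def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard recursive-desired query (RFC 1035 4.1) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)         # qtype, class IN

def parse_header(msg):
    """Pull the fields a transport check cares about out of the 12-byte header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def query_udp(server, port, msg, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        data, _ = s.recvfrom(4096)
    return data

def query_tcp(server, port, msg, timeout=2.0):
    # RFC 1035 4.2.2: each message on TCP is preceded by its 16-bit length.
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        (n,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, n)

def probe(server, name, port=53, timeout=2.0):
    """Return {'udp': status, 'tcp': status} with status in ok/timeout/refused/bad-reply/error:*."""
    txid = 0x1234
    msg = build_query(name, txid=txid)
    results = {}
    for transport, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            hdr = parse_header(fn(server, port, msg, timeout))
            results[transport] = "ok" if hdr["qr"] and hdr["id"] == txid else "bad-reply"
        except socket.timeout:            # silently dropped: typical firewall DROP rule
            results[transport] = "timeout"
        except ConnectionRefusedError:    # RST or ICMP port unreachable: nothing listening / REJECT
            results[transport] = "refused"
        except OSError as e:
            results[transport] = "error:" + e.__class__.__name__
    return results

def start_loopback_responder(serve_udp=True, serve_tcp=True):
    """Constructed test fixture: echoes any query back with QR/RD/RA set. Returns the port.
    serve_udp=False drops UDP queries without replying, mimicking a firewall that blocks udp/53."""
    tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_sock.bind(("127.0.0.1", 0))
    tcp_sock.listen(5)
    port = tcp_sock.getsockname()[1]
    udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_sock.bind(("127.0.0.1", port))     # UDP and TCP port spaces are independent

    def answer(q):
        return q[:2] + struct.pack("!H", 0x8180) + q[4:]

    def udp_loop():
        while True:
            data, addr = udp_sock.recvfrom(4096)
            if serve_udp:
                udp_sock.sendto(answer(data), addr)

    def tcp_loop():
        while True:
            conn, _ = tcp_sock.accept()
            with conn:
                (n,) = struct.unpack("!H", recv_exact(conn, 2))
                q = recv_exact(conn, n)
                if serve_tcp:
                    conn.sendall(struct.pack("!H", len(q)) + answer(q))

    threading.Thread(target=udp_loop, daemon=True).start()
    threading.Thread(target=tcp_loop, daemon=True).start()
    return port

if __name__ == "__main__":
    # Usage: python3 dnsprobe.py <server-ip> [name]   e.g. against a remote resolver through the firewall
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    qname = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print(probe(server, qname))
```

A result of `{'udp': 'timeout', 'tcp': 'ok'}` from the Solaris box against a server that answers both transports from elsewhere is the firewall signature; `refused` on UDP instead points at a REJECT rule or nothing listening. The same check with stock tools is `dig +notcp @server name` versus `dig +tcp @server name` (with `+time=2 +tries=1` to keep the UDP failure quick), which probes the path independently of whatever named is doing.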


More information about the bind-users mailing list