Can I forward DNS request using TCP?

Dan Mahoney, System Admin danm at prime.gushi.org
Tue Jul 22 01:01:23 UTC 2008


On Mon, 21 Jul 2008, Chris Buxton wrote:

> I suspect forwarding is not the best solution for you, but if you feel
> you must...
>
> There is no way to configure BIND to send all queries to a forwarder
> over TCP instead of UDP. And the operator of that forwarder probably
> wouldn't appreciate it if you could.
>
> If the UDP packets aren't arriving, check all the firewalls in between
> (and at both ends). Make sure you're sending the packets to a DNS
> server. Verify with the server's operator that this is OK.
>
> Or, alternatively, forward somewhere else. opendns.com's forwarders,
> for example.

Chris,

This is off-topic, but related (if that makes sense).

I too have wondered about such a request.  Oftentimes, when traveling by 
train (commuting to NYC a few years ago) and using a crappy GPRS 
connection, I found web-surfing to be almost impossible unless I 
prepopulated my hosts file and did some creative proxying.  However, for 
non-proxyable services, I would use the IP rather than the name for hosts 
that I routinely logged into (via SSH, IMAP and AIM) where the actual data 
side was low-volume.

I realized that if the OS's DNS was TCP based (with a 60 second connect 
timeout, and guaranteed retransmissions) it would solve these issues -- 
assume that I control my own DNS server and know I allow TCP.

However, since the "just use TCP" option's not available in any of the 
OSes I've used (but really should be) I realized that a local, caching 
BIND (which supported a similar option) could also be useful, on some 
level.

I.e. the host's FIRST attempt to resolve and connect would fail (since it 
would still time out waiting for the OS talking UDP to its local BIND to 
do the TCP connection) -- but subsequent ones would work, since BIND could 
hand off a very low negative TTL and maintain cache.  After that, once it 
was in cache, all could be well.

I should note that this is one of the VERY FEW cases where I advocate 
overriding TTLs... And also one of the very few cases where I see the 
advantage in loading from a cache of pre-populated hosts.

This is very much against a lot of the DNS standards and protocols...but 
then, cellular internet is hardly standard.

-Dan

-- 

"A single death is a tragedy.  A million deaths is a statistic."

-Josef Stalin, As quoted on the cover to Savatage's "Dead Winter Dead"

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
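An added example, not part of the thread and not BIND code, showing the wire-level detail behind "just use TCP": per RFC 1035 a DNS message carried over TCP must be prefixed with a two-octet length, and the standard fallback from UDP to TCP is triggered by the TC (truncated) bit in the reply rather than by a resolver option. The hostname and the truncated reply are constructed sample input.

```python
"""DNS over TCP framing and the TC-bit fallback check (RFC 1035, added example)."""
import struct

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: 12-byte header (RD set) plus one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"  # root label terminates the name
    return header + labels + struct.pack("!HH", qtype, 1)

def frame_tcp(msg: bytes) -> bytes:
    """Prefix a DNS message with its 16-bit length, as TCP transport requires."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too long for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream: bytes) -> list:
    """Split a TCP byte stream into complete DNS messages, leaving a partial tail unread."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + length > len(stream):
            break  # message not fully received yet; caller must read more
        msgs.append(stream[pos + 2 : pos + 2 + length])
        pos += 2 + length
    return msgs

def parse_header(msg: bytes) -> dict:
    """Decode the fields a stub resolver acts on: id, QR, TC, RCODE and the counts."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def needs_tcp_retry(udp_reply: bytes) -> bool:
    """A UDP reply with TC set is incomplete; the standard behaviour is to retry over TCP."""
    return parse_header(udp_reply)["tc"]

# Constructed sample: a truncated UDP reply (QR, TC, RD, RA set) to the query above.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

if __name__ == "__main__":
    q = build_query("www.gushi.org")
    framed = frame_tcp(q)
    print(len(q), framed[:2].hex(), unframe_tcp(framed + framed[:5]) == [q])
    print("retry over TCP:", needs_tcp_retry(TRUNCATED_REPLY))
```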


