Re: DNS requests switch from UDP to TCP

muxaul_at_lenta.ru
Date: 04/19/05

• Next message: Shannon Sumner: "Please Help! DSL Problems"
• Previous message: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• In reply to: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Next in thread: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Reply: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Reply: Rick Jones: "Re: DNS requests switch from UDP to TCP"
• Reply: David Schwartz: "Re: DNS requests switch from UDP to TCP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 19 Apr 2005 07:04:53 -0700

Trygve Selmer wrote:
> muxaul@lenta.ru wrote:
> > Thank you for the reply. I would like to clarify it if possible.
> > Do you mean that this is the machine that sends a DNS
> > request `decides' whether to use UDP or TCP? The point
> > is that this was _my_ machine, not the DNS server that
> > was switching UDP to TCP.
>
> Normally your machine sends an UDP request to the server, and you get
an
> UDP response back. If the response is too big to fit into one UDP
> packet, the server will return an indication of this. The client
(your
> machine) then retries the request, this time using TCP.

Oh, thanks! I've got it.

Still, there seems to be an issue related to firewalling.
AFAIK, a common practice of protecting DNS servers is to
accept UDP requests from anyone but accept TCP requests
from a limited number of `upper-level' DNS servers only
(those that really need to transfer your zone). For all
other clients, TCP queries are prohibited. Thus, there
seems to be a collision between firewall rules and the
protocol suggested by the DNS server itself.

Mikhail

---

• Next message: Shannon Sumner: "Please Help! DSL Problems"
• Previous message: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• In reply to: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Next in thread: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Reply: Trygve Selmer: "Re: DNS requests switch from UDP to TCP"
• Reply: Rick Jones: "Re: DNS requests switch from UDP to TCP"
• Reply: David Schwartz: "Re: DNS requests switch from UDP to TCP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Netscreen: Lots of extraneous "denied" packets in log ... implementations don't assume the answer to be sent with TCP instead of ... UDP. ... DNS servers do not spontaneously reply using TCP to a UDP request. ... (comp.security.firewalls) NFS problem with recent 2.6 kernels (also serial console weirdness) ... 100000 2 tcp 111 portmapper ... 100000 2 udp 111 portmapper ... mounted filesystem with ordered data mode. ... Mounted root (ext3 filesystem) readonly. ... (Linux-Kernel) Solaris 9 <---> linux (2.6.8) NFS file locking problem? ... to the same file placed on nfs filesystem. ... 100000 4 tcp 111 portmapper ... 100000 4 udp 111 portmapper ... 100021 1 udp 4045 nlockmgr ... (SunManagers) Urgent help with Secure NFS. ... have that option - I'm just attempting to tunnel all NFS traffic to the ... 100000 4 tcp 111 rpcbind ... 100000 4 udp 111 rpcbind ... 100021 1 tcp 49153 nlockmgr ... (SSH) Re: nfs error ... kernel: nfs: server ... So if your system uses ypbind be sure that is working properly before ... 100000 2 tcp 111 portmapper ... 100000 2 udp 111 portmapper ... (comp.sys.sun.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)