RE: TCP DNS requests
From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Thu, 31 Oct 2002 18:04:16 -0500
It is a common misconception that TCP DNS is only for zone transfers. The
DNS specification calls for the use of TCP whenever the response exceeds
the size of a UDP packet (512 bytes). Zone transfers happen to fall within
this category of large responses; however, some client requests can result
in responses > 512 bytes, hence the use of TCP DNS.
Blocking clients from using TCP DNS will result in lookup failures whenever
the server response exceeds 512 bytes.
At 02:42 PM 10/30/2002, Raghu Chinthoju wrote:
TCP/DNS(53) is used for zone transfer. To be simple, TCP/DNS(53) is used
between the name servers to exchange/update their name databases, whereas
UDP/DNS(53) is used for querying.
I see two possibilities for having generated TCP based DNS requests in your
1. You must have another DNS server in that network trying to do zone
transfer with your server
2. Someone is explicitly requesting your name server for zone information.
This could be done in many ways. For example, the "ls" command of nslookup
Wilco International Systems
From: Carl R Diliberto [mailto:cdiliberto () hotmail com]
Sent: Wednesday, October 30, 2002 7:16 PM
Subject: TCP DNS requests
We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses. My manager would like to block the TCP
packets. What or why would there be random TCP packets? We monitored
several clients and it appears it only needs UDP.