Someone in my company mentioned something to me about DNS that I did not think was correct, but I wanted to double check.
DNS queries are usually UDP, but if the response is larger than allowed in UDP, then the server will notify the client and the client will make the request in TCP. He had stated that if a client makes a request in UDP, gets a response in UDP and then makes another request in UDP, but gets a UDP response with the truncated bit (too large for UDP), it will not remake the request in TCP. He had stated once it picks a protocol then it will stay with that protocol, until some timer runs out.
Is this correct? And if so, can someone please point me to some supporting documentation (RFC, etc.)?
Thanks
Joe
---------------------------------------
Joe Keegan - Joe@jjk3.com
SANS GSEC & GCFW
CCSE, CCNA, CCSA & Sun Certified
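
Added example, not part of the original post: a small offline model of a resolver that follows RFC 1123 section 6.1.3.2 (send UDP first, retry over TCP when the reply has the TC bit from RFC 1035 section 4.1.1 set), making that decision separately for every query. The names `resolve`, `fake_udp` and `fake_tcp`, the `.example` hostnames and the canned replies are constructed for illustration.

```python
import struct

TC_MASK = 0x0200  # TC (truncated) bit in the 16-bit header flags, RFC 1035 4.1.1

def build_query(qid, name, qtype=1):
    """Encode a minimal query: one question, class IN, RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    """Return True if the DNS message header has the TC bit set."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    _, flags = struct.unpack("!HH", msg[:4])
    return bool(flags & TC_MASK)

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a two-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def resolve(name, qid, udp_send, tcp_send):
    """Per-query logic: UDP first, TCP only if this reply is truncated."""
    query = build_query(qid, name)
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    framed = tcp_send(frame_for_tcp(query))
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

# Constructed stand-ins for a server: they echo the id and question with canned flags.
def _reply(query, flags):
    return query[:2] + struct.pack("!H", flags) + query[4:]

def fake_udp(query):
    # Pretend only the answer for big.example exceeds the UDP limit (TC set).
    return _reply(query, 0x8380 if b"\x03big" in query else 0x8180)

def fake_tcp(framed):
    return frame_for_tcp(_reply(framed[2:], 0x8180))

def demo():
    """Transport used for three consecutive queries from the same client."""
    names = ["small.example", "big.example", "small.example"]
    return [resolve(n, i, fake_udp, fake_tcp)[0] for i, n in enumerate(names, 1)]

if __name__ == "__main__":
    print(demo())
```

In this model no transport choice is remembered between queries, so the third lookup goes out over UDP again.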