[colug-432] A clarification on DNS (was Re: CentOS 7 weird DNS network oddity...)

William Yang wyang at gcfn.net
Thu Feb 26 14:21:52 EST 2015


Not really about the debugging question at hand; more about being precise
about DNS behavior because it's the kind of imprecision that's likely to
burn someone.

On 02/21/2015 10:05 PM, Rick Hornsby wrote:

> DNS queries are usually over UDP.  TCP is usually reserved for zone 
> transfers, not for standard queries. 

DNS generally attempts queries via UDP and transparently fails over to TCP if UDP
doesn't work (e.g. doesn't get a response in an appropriate time, receives
certain kinds of error responses).

TCP is needed for DNS data transmissions on unreliable networks and also
for responses exceeding a particular size; correctly noted for zone
transfer (IXFR, AXFR), but more notably also including DNSSEC-signed
responses.  This is a major issue, because queries that include DNSSEC
RRSIG data frequently have to use TCP due to packet size restrictions.


-- 
William Yang
wyang at gcfn.net
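The UDP-first, TCP-on-failure behaviour described in the message above, as an added example that is not from the original thread: it builds a query, decodes the reply header, applies the resolver's retry rule (no reply in time, or the TC truncation flag set, which is the "error response" case that bites DNSSEC-signed answers), and frames the same query for DNS over TCP. The replies are constructed inline, not captured traffic; no network is touched.

```python
import struct
from typing import Optional

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 query: RD set, no EDNS, so the UDP reply is capped at 512 bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # id, flags, qd, an, ns, ar
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)        # qtype, class IN

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header. TC (bit 9 of the flags word) means the reply was cut short."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def needs_tcp_retry(udp_response: Optional[bytes]) -> bool:
    """Resolver-side rule: no UDP reply in time (None) or a truncated reply means the
    same query is resent over TCP; any partial records in a truncated reply are discarded."""
    if udp_response is None:
        return True
    return parse_header(udp_response)["tc"]

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def make_response(query: bytes, tc: bool) -> bytes:
    """Constructed sample reply (not captured traffic): echoes the question with QR/RD/RA set,
    TC set when requested, and no answer records."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0200 if tc else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com")
    for reply in (None, make_response(q, tc=True), make_response(q, tc=False)):
        if needs_tcp_retry(reply):
            print("UDP timed out or truncated -> resend %d bytes over TCP" % len(frame_for_tcp(q)))
        else:
            print("UDP reply usable:", parse_header(reply))
```

In a real resolver the two branches are a UDP send/recv with a timeout followed, on failure, by a TCP connect to port 53 carrying the length-framed query.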

