[colug-432] A clarification on DNS (was Re: CentOS 7 weird DNS network oddity...)
William Yang
wyang at gcfn.net
Thu Feb 26 14:21:52 EST 2015
Not really about the debugging question at hand; more about being precise
about DNS behavior because it's the kind of imprecision that's likely to
burn someone.
On 02/21/2015 10:05 PM, Rick Hornsby wrote:
> DNS queries are usually over UDP. TCP is usually reserved for zone
> transfers, not for standard queries.
DNS generally attempts queries via UDP and tranparently fails to TCP if UDP
doesn't work (e.g. doesn't get a response in an appropriate time, receives
certain kinds of error responses).
TCP is needed for DNS data transmissions on unreliable networks and also
for responses exceeding a particular size; correctly noted for zone
transfer (IXFR, AXFR), but more notably also including DNSSEC-signed
responses. This is a major issue, because queries that include DNSSEC
RRSIG data frequently have to use TCP due to packet size restrictions.
--
William Yang
wyang at gcfn.net
More information about the colug-432
mailing list