[colug-432] A clarification on DNS (was Re: CentOS 7 weird DNS network oddity...)
Rick Hornsby
richardjhornsby at gmail.com
Thu Feb 26 14:28:22 EST 2015
> On Feb 26, 2015, at 14:21, William Yang <wyang at gcfn.net> wrote:
>
> Not really about the debugging question at hand; more about being precise
> about DNS behavior because it's the kind of imprecision that's likely to
> burn someone.
>
>> On 02/21/2015 10:05 PM, Rick Hornsby wrote:
>>
>> DNS queries are usually over UDP. TCP is usually reserved for zone
>> transfers, not for standard queries.
>
> DNS generally attempts queries via UDP and transparently fails to TCP if UDP
> doesn't work (e.g. doesn't get a response in an appropriate time, receives
> certain kinds of error responses).
>
> TCP is needed for DNS data transmissions on unreliable networks and also
> for responses exceeding a particular size; correctly noted for zone
> transfer (IXFR, AXFR), but more notably also including DNSSEC-signed
> responses. This is a major issue, because queries that include DNSSEC
> RRSIG data frequently have to use TCP due to packet size restrictions.
>
Thanks for the clarification and explanation. Improved precision is always welcome.
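
The size-driven fallback discussed in this thread, as an added example that is not part of the original messages: a response too large for UDP comes back with the TC (truncated) bit set, and the client repeats the query over TCP with a two-byte length prefix. Function names are hypothetical and the truncated response is constructed sample data.

```python
import struct

TC_FLAG = 0x0200  # truncation bit in the DNS header flags word (RFC 1035)
QR_FLAG = 0x8000  # set on responses, clear on queries

def build_query(qname, qtype=1, txid=0x1234, edns_size=None, dnssec_ok=False):
    """Build a DNS query; an optional EDNS0 OPT record advertises the
    UDP payload size the client accepts and the DNSSEC OK (DO) bit."""
    arcount = 1 if edns_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    opt = b""
    if edns_size:
        ttl = 0x00008000 if dnssec_ok else 0  # DO bit lives in the OPT TTL field
        # root name, TYPE=41 (OPT), CLASS=UDP size, TTL, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, ttl, 0)
    return header + question + opt

def needs_tcp_retry(udp_response, txid):
    """True when the UDP message answers our query and has TC set."""
    if len(udp_response) < 12:
        raise ValueError("short DNS header")
    rid, flags = struct.unpack("!HH", udp_response[:4])
    if rid != txid or not flags & QR_FLAG:  # wrong ID or not a response
        return False
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

def truncated_response(query):
    """Constructed sample: header with TC set plus the echoed question,
    as sent when the full answer does not fit in the UDP reply."""
    flags = struct.pack("!H", QR_FLAG | 0x0100 | 0x0080 | TC_FLAG)  # QR RD RA TC
    qd_end = 12 + query[12:].index(b"\x00") + 5  # root label + type + class
    return query[:2] + flags + struct.pack("!HHHH", 1, 0, 0, 0) + query[12:qd_end]

if __name__ == "__main__":
    q = build_query("example.com", qtype=48, edns_size=4096, dnssec_ok=True)
    reply = truncated_response(q)
    if needs_tcp_retry(reply, 0x1234):
        print("TC set, resend over TCP:", frame_for_tcp(q).hex())
```

A firewall that permits only UDP/53 leaves the client with the truncated reply and no way to fetch the full answer, which is why TCP/53 matters for DNSSEC-signed zones.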