[colug-432] A clarification on DNS (was Re: CentOS 7 weird DNS network oddity...)

Rick Hornsby richardjhornsby at gmail.com
Thu Feb 26 14:28:22 EST 2015



> On Feb 26, 2015, at 14:21, William Yang <wyang at gcfn.net> wrote:
> 
> Not really about the debugging question at hand; more about being precise
> about DNS behavior because it's the kind of imprecision that's likely to
> burn someone.
> 
>> On 02/21/2015 10:05 PM, Rick Hornsby wrote:
>> 
>> DNS queries are usually over UDP.  TCP is usually reserved for zone 
>> transfers, not for standard queries.
> 
> DNS generally attempts queries via UDP and transparently fails to TCP if UDP
> doesn't work (e.g. doesn't get a response in an appropriate time, receives
> certain kinds of error responses).
> 
> TCP is needed for DNS data transmissions on unreliable networks and also
> for responses exceeding a particular size; correctly noted for zone
> transfer (IXFR, AXFR), but more notably also including DNSSEC-signed
> responses.  This is a major issue, because queries that include DNSSEC
> RRSIG data frequently have to use TCP due to packet size restrictions.
> 

Thanks for the clarification and explanation.  Improved precision is always welcome. 
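
The size-driven fallback discussed in this thread, as an added example that is not part of the original messages: a resolver-side check of the truncation (TC) flag in a UDP reply, plus the 2-byte length framing DNS uses over TCP (RFC 1035). The function names and the sample replies are constructed for illustration; no real server is contacted.

```python
import struct

QR_BIT = 0x8000  # set in the header flags word when the message is a response
TC_BIT = 0x0200  # "truncated": the answer did not fit in the UDP payload

def build_query(qid, name, qtype=1):
    """Encode a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def unframe_from_tcp(stream):
    """Return the first complete DNS message in a TCP byte stream, or None."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + length]
    return body if len(body) == length else None

def next_step(qid, udp_reply):
    """Decide what to do with a UDP reply that was received for query qid."""
    if len(udp_reply) < 12:
        return "discard"            # shorter than a DNS header
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    if rid != qid or not flags & QR_BIT:
        return "discard"            # wrong transaction ID, or not a response
    if flags & TC_BIT:
        return "retry-over-tcp"     # repeat the same query on TCP port 53
    return "accept"

# Constructed sample replies (headers only).
QID = 0x1A2B
TRUNCATED = struct.pack("!HHHHHH", QID, 0x8180 | TC_BIT, 1, 0, 0, 0)
COMPLETE = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)
WRONG_ID = struct.pack("!HHHHHH", QID ^ 0xFFFF, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, reply in (("truncated", TRUNCATED), ("complete", COMPLETE),
                         ("wrong id", WRONG_ID)):
        print(label, "->", next_step(QID, reply))
```

If TCP port 53 is blocked between the resolver and the server, the `retry-over-tcp` branch cannot complete, so large answers such as DNSSEC-signed ones fail to resolve.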



