DNS problems to RoadRunner - tcp vs udp
Jon Kibler
Jon.Kibler at aset.com
Fri Jun 13 18:57:17 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bill Owens wrote:
> On Fri, Jun 13, 2008 at 02:14:55PM -0400, Jon Kibler wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Mark Price wrote:
>> <SNIP>
>>> >From what I have read, public DNS servers should support both UDP and
>>> TCP queries. TCP queries are often used when a UDP query fails, or if
>>> the answer is over a certain length.
>>>
>> UDP is used for queries.
>>
>> TCP is used for zone transfers.
>>
>> If my server responded to TCP queries from anyone other than a secondary
>> server, I would be VERY concerned.
>
> Red alert:
>
> [cookiemonster:~] owens% dig +tcp aset.com @209.190.93.130 soa
>
> ; <<>> DiG 9.4.2 <<>> +tcp aset.com @209.190.93.130 soa
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5864
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;aset.com. IN SOA
>
> ;; ANSWER SECTION:
> aset.com. 14400 IN SOA ns1.sims.net. hostmaster.aset.com. 2006111001 10800 3600 3600000 86400
>
> ;; AUTHORITY SECTION:
> aset.com. 14400 IN NS ns3.trustns.net.
> aset.com. 14400 IN NS ns1.sims.net.
> aset.com. 14400 IN NS ns1.trustns.net.
> aset.com. 14400 IN NS ns2.sims.net.
> aset.com. 14400 IN NS ns2.trustns.net.
>
> ;; ADDITIONAL SECTION:
> ns1.sims.net. 86400 IN A 209.190.93.130
> ns2.sims.net. 86400 IN A 209.190.93.132
>
> ;; Query time: 31 msec
> ;; SERVER: 209.190.93.130#53(209.190.93.130)
> ;; WHEN: Fri Jun 13 14:31:13 2008
> ;; MSG SIZE rcvd: 211
UGH. Apparently hosting provider must have messed with IPTABLES on that
system. Thanks for the heads up. (Open mouth, insert foot.)
Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhSww0ACgkQUVxQRc85QlNk5wCfZT8s3CYDjb3lj86xU/k1N2+m
1O8AnAuSLaFthAwmBwUAmNS0MePFo/SF
=/Ol5
-----END PGP SIGNATURE-----
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
More information about the NANOG
mailing list