DNS problems to RoadRunner - tcp vs udp

Jon Kibler Jon.Kibler at aset.com
Fri Jun 13 18:57:17 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill Owens wrote:
> On Fri, Jun 13, 2008 at 02:14:55PM -0400, Jon Kibler wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Mark Price wrote:
>> <SNIP>
>>> >From what I have read, public DNS servers should support both UDP and
>>> TCP queries.  TCP queries are often used when a UDP query fails, or if
>>> the answer is over a certain length.
>>>
>> UDP is used for queries.
>>
>> TCP is used for zone transfers.
>>
>> If my server responded to TCP queries from anyone other than a secondary
>> server, I would be VERY concerned.
> 
> Red alert:
> 
> [cookiemonster:~] owens% dig +tcp aset.com @209.190.93.130 soa
> 
> ; <<>> DiG 9.4.2 <<>> +tcp aset.com @209.190.93.130 soa
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5864
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;aset.com.			IN	SOA
> 
> ;; ANSWER SECTION:
> aset.com.		14400	IN	SOA	ns1.sims.net. hostmaster.aset.com. 2006111001 10800 3600 3600000 86400
> 
> ;; AUTHORITY SECTION:
> aset.com.		14400	IN	NS	ns3.trustns.net.
> aset.com.		14400	IN	NS	ns1.sims.net.
> aset.com.		14400	IN	NS	ns1.trustns.net.
> aset.com.		14400	IN	NS	ns2.sims.net.
> aset.com.		14400	IN	NS	ns2.trustns.net.
> 
> ;; ADDITIONAL SECTION:
> ns1.sims.net.		86400	IN	A	209.190.93.130
> ns2.sims.net.		86400	IN	A	209.190.93.132
> 
> ;; Query time: 31 msec
> ;; SERVER: 209.190.93.130#53(209.190.93.130)
> ;; WHEN: Fri Jun 13 14:31:13 2008
> ;; MSG SIZE  rcvd: 211

UGH. Apparently hosting provider must have messed with IPTABLES on that
system. Thanks for the heads up. (Open mouth, insert foot.)

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhSww0ACgkQUVxQRc85QlNk5wCfZT8s3CYDjb3lj86xU/k1N2+m
1O8AnAuSLaFthAwmBwUAmNS0MePFo/SF
=/Ol5
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the NANOG mailing list