SUMMARY: Solaris DNS

From: Joe A <spaceyjoe2020_at_yahoo.com>
Date: Fri Oct 29 2010 - 19:35:14 EDT

Thanks to everyone who responded.
I have brought it to the firewall group's attention.

53/tcp is a valid port and shouldn't be blocked at the firewall port.

David M responded with:

DNS uses both UDP and TCP by design.

A query first uses UDP because it's faster and uses less CPU, but if the
response cannot fit within UDP, the DNS protocol falls back to TCP. From
RFC 1034 (published in 1987):

> 3.7. Queries
>
> Queries are messages which may be sent to a name server to provoke a
> response.  In the Internet, queries are carried in UDP datagrams or over
> TCP connections.  The response by the name server either answers the
> question posed in the query, refers the requester to another set of name
> servers, or signals some error condition.

http://tools.ietf.org/html/rfc1034

And RFC 1035:

> 4.2. Transport
[...]
> The Internet supports name server access using TCP [RFC-793] on server
> port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
> port 53 (decimal).
>
> 4.2.1. UDP usage
>
> Messages sent using UDP user server port 53 (decimal).
[...]
> 4.2.2. TCP usage
>
> Messages sent over TCP connections use server port 53 (decimal). [...]

http://tools.ietf.org/html/rfc1035

Thanks ALL!


> Hi All,
>
> I need some guidance on solaris dns.
>
> I have a primary and secondary dns servers running on solaris 10.
> The issue is: Firewall guys are saying that the DNS from these 2 server are
> attempting to run on port 53 TCP (UDP dns still works)
>
> The logs as a "deny protocol src"
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Oct 29 19:36:23 2010
