From: Joe A <>
Date: Fri Oct 29 2010 - 19:35:14 EDT
Thanks to everyone who responded.
I have brought it to the Firewall groups.

53/tcp is a valid port and shouldn't be blocked at the firewall.

David M responded with:

DNS uses both UDP and TCP by design.

A query first uses UDP because it's faster and uses less CPU, but if the
cannot fit within UDP, the DNS protocol falls back to TCP. From RFC 1034
(published in 1987):

> 3.7. Queries
> Queries are messages which may be sent to a name server to provoke a
> response.  In the Internet, queries are carried in UDP datagrams or over
> TCP connections.  The response by the name server either answers the
> question posed in the query, refers the requester to another set of name
> servers, or signals some error condition.

And RFC 1035:

> 4.2. Transport
> The Internet supports name server access using TCP [RFC-793] on server
> port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
> port 53
> 4.2.1. UDP usage
> Messages sent using UDP user server port 53 (decimal).
> 4.2.2. TCP usage
> Messages sent over TCP connections use server port 53 (decimal). [...]
Thanks ALL!

> Hi All,
> I need some guidance on solaris dns.
> I have primary and secondary dns servers running on solaris 10.
> The issue is: Firewall guys are saying that the DNS from these 2 servers are
> attempting to run on port 53 TCP (UDP dns still works)
> The logs as a "deny protocol src"
sunmanagers mailing list
Received on Fri Oct 29 19:36:23 2010
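The UDP-then-TCP behaviour David M quotes from RFC 1035 is what the firewall "deny" entries were recording. The following is an added example, not code from this thread or from any Solaris DNS component: it builds a minimal query, parses the header TC (truncated) bit that makes a resolver retry over TCP, applies the 2-byte length framing RFC 1035 section 4.2.2 requires on TCP, and traces what happens to the lookup when tcp/53 is or is not permitted. The truncated reply is a constructed sample; no network traffic is sent.

```python
import struct

DNS_PORT = 53  # both UDP and TCP, per RFC 1035 section 4.2

# Header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000  # 1 = this message is a response
FLAG_TC = 0x0200  # 1 = message was truncated to fit the transport
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def encode_name(qname: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal recursive query (header + one question); qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; TC is the bit that forces the TCP retry."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def frame_for_tcp(msg: bytes) -> bytes:
    """RFC 1035 section 4.2.2: over TCP each message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream: bytes) -> bytes:
    """Strip the TCP length prefix; raise if the stream does not hold a whole message."""
    if len(stream) < 2:
        raise ValueError("need at least the 2-byte length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("incomplete DNS message on the TCP stream")
    return stream[2:2 + length]


def make_truncated_reply(query: bytes) -> bytes:
    """Constructed sample: a UDP reply with TC=1 and no answer records,
    which is what a server sends when the full answer would not fit in UDP."""
    (txid,) = struct.unpack("!H", query[:2])
    flags = FLAG_QR | FLAG_RD | FLAG_RA | FLAG_TC
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + query[12:]  # echo the question section only


def plan_transports(udp_reply: bytes, tcp53_open: bool) -> list:
    """Trace what a resolver does with a UDP reply under a given firewall policy.
    Returns the sequence of transport steps; 'blocked' means the lookup fails."""
    steps = ["udp"]
    if not parse_header(udp_reply)["tc"]:
        return steps  # complete answer arrived over UDP, nothing more to do
    # TC=1: the resolver repeats the same question over TCP port 53
    steps.append("tcp" if tcp53_open else "blocked")
    return steps


if __name__ == "__main__":
    q = build_query("example.com")
    reply = make_truncated_reply(q)
    print("TC set in UDP reply:", parse_header(reply)["tc"])
    print("tcp/53 allowed :", plan_transports(reply, tcp53_open=True))
    print("tcp/53 blocked :", plan_transports(reply, tcp53_open=False))
    print("TCP length prefix:", frame_for_tcp(q)[:2].hex())
```

A firewall rule that permits only udp/53 turns every truncated answer into the "blocked" path above, which is exactly the intermittent failure pattern (most lookups fine, large answers such as long TXT or NS sets failing) that accompanies those deny log entries.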

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:17 EST