DNS connections over TCP?

From: 281 cu. in. (nospam_at_nosite.org)
Date: 07/30/03


Date: Wed, 30 Jul 2003 17:36:47 -0400

THE QUESTION: Does a DNS client look up names only over UDP, or is it
possible for it to look up names over TCP as well???

THE PROBLEM:
My Windows 2000 (one of MS programs, not 3rd party, 100% certain) is trying
to look up names over TCP. My firewall is configured for a DNS client
(remote port 53) over UDP. However, I'm not sure if DNS over TCP is
standard or possible, and whether I should create a rule to allow DNS
lookups over TCP???

Below are a single log from the firewall and a whois on the destination. This event
(see log below) occurs over and over, about 20 times, and then it stops.
However, when I enable DNS connections over TCP only one such event occurs
(when it is successful). Regardless of whether I have DNS allowed over TCP,
my web browser and other DNS-using software work just fine.

Thanx in advance,

Alex

FIREWALL LOG:
2003/07/30, 17:16:53.329, GMT -0400, 2007, Device 1, Blocked outgoing TCP
packet (no matching rule), src=65.229.184.6, dst=153.39.194.10, sport=1036,
dport=53

WHOIS ON DST:
Wednesday, July 30, 2003, 17:19:21

Looking up 153.39.194.10...
Using whois server whois.arin.net.

OrgName: UUNET Technologies, Inc.
OrgID: UU
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US

NetRange: 153.39.0.0 - 153.39.255.255
CIDR: 153.39.0.0/16
NetName: UUNETCUSTB39
NetHandle: NET-153-39-0-0-1
Parent: NET-153-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH03.NS.UU.NET
NameServer: AUTH61.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1992-01-13
Updated: 2001-09-26
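
Added example, not part of the original post: DNS is defined over both UDP and TCP on port 53 (RFC 1035), and a resolver normally retries a lookup over TCP when the UDP reply arrives with the truncation (TC) bit set, which is the kind of outbound TCP/53 connection a UDP-only firewall rule blocks. The Python sketch below shows the TC-bit check and the 2-byte length framing that DNS uses on TCP; the function names and the sample messages are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # reply was truncated to fit the UDP size limit

def build_query(name, txid, qtype=1):
    """Build a DNS query: 12-byte header (RD set) plus one IN-class question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def needs_tcp_retry(udp_reply, txid):
    """True when a UDP reply answers our query and has the TC bit set."""
    if len(udp_reply) < 12:
        raise ValueError("shorter than a DNS header")
    reply_id, flags = struct.unpack("!HH", udp_reply[:4])
    return reply_id == txid and bool(flags & QR_FLAG) and bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """On TCP, each DNS message is preceded by its length as 2 bytes."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split received TCP bytes into whole DNS messages plus any partial tail."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # rest of this message has not arrived yet
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

# Constructed sample data (not captured traffic): one query and two UDP replies.
QUERY = build_query("example.com", txid=0x1234)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
UNTRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for label, reply in (("TC set", TRUNCATED_REPLY), ("TC clear", UNTRUNCATED_REPLY)):
        print(label, "-> retry over TCP:", needs_tcp_retry(reply, 0x1234))
    print("TCP frame:", frame_for_tcp(QUERY).hex())
```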


