Re: DNS connections on over TCP?

From: Tutaepaki (replyto_at_newsgroup.not.me)
Date: 07/31/03

Date: Wed, 30 Jul 2003 23:23:04 +0000 (UTC)

"281 cu. in." <nospam@nosite.org> wrote in
news:QTWVa.1025$V_4.45104@eagle.america.net:

> THE QUESTION: Does a DNS client look up names only over UDP, or is
> it possible for it to look up names over TCP as well???
>
> THE PROBLEM:
> My Windows 2000 (one of MS programs, not 3rd party, 100% certain) is
> trying to look up names over TCP. My firewall is configured for a DNS
> client (remote port 53) over UDP. However, I'm not sure if DNS over
> TCP is standard or possible, and whether I should create a rule to
> allow DNS lookups over TCP???
>
> Below is a single log entry from the firewall and a whois on the destination. This
> event (see log below) occurs over and over, about 20 times, and then
> it stops. However, when I enable DNS connections over TCP only one such
> event occurs (when it is successful). Regardless of whether I have
> DNS allowed over TCP, my web browser and other DNS-using software work
> just fine.
>
> Thanx in advance,
>
>
> Alex
>
> FIREWALL LOG:
> 2003/07/30, 17:16:53.329, GMT -0400, 2007, Device 1, Blocked outgoing
> TCP packet (no matching rule), src=65.229.184.6, dst=153.39.194.10,
> sport=1036, dport=53
>
>
> WHOIS ON DST:
> Wednesday, July 30, 2003, 17:19:21
>
> Looking up 153.39.194.10...
> Using whois server whois.arin.net.
>
> OrgName: UUNET Technologies, Inc.
> OrgID: UU
> Address: 22001 Loudoun County Parkway
> City: Ashburn
> StateProv: VA
> PostalCode: 20147
> Country: US
>
> NetRange: 153.39.0.0 - 153.39.255.255
> CIDR: 153.39.0.0/16
> NetName: UUNETCUSTB39
> NetHandle: NET-153-39-0-0-1
> Parent: NET-153-0-0-0-0
> NetType: Direct Allocation
> NameServer: AUTH03.NS.UU.NET
> NameServer: AUTH61.NS.UU.NET
> Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate: 1992-01-13
> Updated: 2001-09-26
Normally DNS only uses TCP for a zone transfer between DNS servers. DNS
lookups from a client are normally UDP, but they don't have to be; TCP is
supported too.

Are you sure the client does not have the MS DNS server enabled? I had
this running once, and saw continuous attempts to connect to an address
in that same range.
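An added example, not part of this thread or of any Windows or Microsoft code, showing why a "DNS client" firewall rule needs TCP/53 alongside UDP/53. It builds an ordinary DNS query (RFC 1035), frames it the way DNS over TCP requires (2-byte length prefix), checks a constructed UDP reply for the TC (truncated) flag that makes a resolver repeat the query over TCP, and counts blocked port-53 entries from firewall log lines written in the same format as the log quoted above. The log lines, IP addresses and response bytes are constructed for the example, and the function names are my own.

```python
import re
import struct

# --- DNS message handling (RFC 1035 sections 4.1 and 4.2) ---

def build_query(name, qtype=1, qclass=1, txid=0x1234):
    """Build a standard DNS query: 12-byte header, then one question.
    qtype 1 = A record, qclass 1 = IN. Returns the wire-format bytes."""
    flags = 0x0100  # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"  # empty root label terminates the name
    return header + qname + struct.pack("!HH", qtype, qclass)


def frame_for_tcp(message):
    """Over UDP a DNS message is sent as-is; over TCP it is prefixed by a
    2-byte big-endian length so the receiver can split the byte stream."""
    return struct.pack("!H", len(message)) + message


def parse_header(message):
    """Decode the 12-byte DNS header into its fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),  # 1 = response
        "tc": bool(flags & 0x0200),  # truncated: answer did not fit the UDP reply
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response):
    """A resolver that receives a truncated UDP reply repeats the query over
    TCP. This is the standard case in which a plain client, not a server
    doing zone transfers, opens a TCP connection to port 53."""
    return parse_header(udp_response)["tc"]


QUERY = build_query("www.example.com")
# Constructed replies: same question section, different header flags.
# 0x8380 = QR|RD|TC|RA (truncated); 0x8180 = QR|RD|RA (complete).
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]

# --- Firewall log classification, same line format as the quoted log ---

LOG_RE = re.compile(
    r"Blocked outgoing (?P<proto>TCP|UDP) packet .*?"
    r"src=(?P<src>[\d.]+), dst=(?P<dst>[\d.]+), "
    r"sport=(?P<sport>\d+), dport=(?P<dport>\d+)"
)

# Constructed sample lines using documentation addresses (one event per line).
SAMPLE_LOG = [
    "2003/07/30, 17:16:53.329, GMT -0400, 2007, Device 1, Blocked outgoing TCP packet (no matching rule), src=192.0.2.10, dst=198.51.100.53, sport=1036, dport=53",
    "2003/07/30, 17:16:54.001, GMT -0400, 2007, Device 1, Blocked outgoing TCP packet (no matching rule), src=192.0.2.10, dst=198.51.100.53, sport=1037, dport=53",
    "2003/07/30, 17:16:55.120, GMT -0400, 2007, Device 1, Blocked outgoing TCP packet (no matching rule), src=192.0.2.10, dst=203.0.113.7, sport=1038, dport=80",
]


def blocked_dns_by_proto(log_lines):
    """Count blocked outbound packets to port 53 per transport. A non-zero
    TCP count with UDP at zero is the signature of a UDP-only DNS client
    rule; repeated hits from the same host are typically the resolver
    retrying the TCP fallback."""
    counts = {"TCP": 0, "UDP": 0}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group("dport") == "53":
            counts[m.group("proto")] += 1
    return counts


if __name__ == "__main__":
    print("query bytes:", len(QUERY), "tcp-framed:", len(frame_for_tcp(QUERY)))
    print("truncated reply -> retry over TCP:", needs_tcp_retry(TRUNCATED_RESPONSE))
    print("complete reply  -> retry over TCP:", needs_tcp_retry(COMPLETE_RESPONSE))
    print("blocked port-53 by transport:", blocked_dns_by_proto(SAMPLE_LOG))
```

Run as-is to see the framing difference and the log summary. The practical takeaway for the firewall rule is that an outbound rule for a DNS client should permit both UDP/53 and TCP/53 to the configured resolvers; the TC fallback is ordinary client behaviour, so blocking TCP/53 only produces repeated denied connections like the ones in the log, while lookups still succeed whenever the UDP answer fits.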
