
Re: DNS queries with UDP and TCP



On 18.09.06 15:31, Alejandro wrote:
> Hi people, I have some low rate problems in my network and I think it
> could be the DNS servers from my ISP I use in my proxy (squid) installed
> in a Debian Sarge machine, they are open DNS's and they could have a big
> traffic load.
> 
> But also I have read on the web that some common resolution queries to
> DNS servers and their responses use TCP because they need a bigger
> amount of bytes (I'm not talking about zone transfer, I'm talking about
> direct and reverse simple name resolutions). So do you think in my
> firewall I have to open TCP/53 and UDP/53 ports in order to have name
> resolution to my proxy, or just opening UDP/53 port is enough ???

Allowing ESTABLISHED connections from outside should just be enough. The
kernel keeps track of all TCP connections opened from inside and sent UDP
requests and allows the replies to come back.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
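
The stateful setup discussed in this thread, as an added example that is not part of the original posts: a ruleset generator for a host that only originates DNS queries, with no inbound port 53 rule. It assumes default-drop policies, covers only the DNS portion of a proxy's rules, and uses constructed resolver addresses; the function name `dns_ruleset` is hypothetical, and older iptables releases use `-m state --state` in place of the conntrack match.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host that makes
# outbound DNS queries only (such as the squid proxy in the thread).
# Resolver addresses below are constructed placeholders (RFC 5737 range).

dns_ruleset() {
    # $@ = resolver IPv4 addresses this host is allowed to query
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to traffic this host initiated: connection tracking matches the
    # UDP answer, or the TCP segments, to the entry the outgoing query created.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for r in "$@"; do
        # UDP carries most queries; TCP is used when the resolver retries
        # after a truncated (TC bit set) UDP answer, so both must leave.
        for proto in udp tcp; do
            echo "-A OUTPUT -p $proto -d $r --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo 'COMMIT'
}

# Constructed sample resolvers; replace with the ISP's addresses.
RESOLVERS="192.0.2.53 192.0.2.54"

# Usage: ./dns-fw.sh print            (review the ruleset)
#        ./dns-fw.sh print | iptables-restore   (as root; replaces the filter table)
case "${1:-}" in
    print) dns_ruleset $RESOLVERS ;;
esac
```

The only rules naming port 53 are on OUTPUT; inbound DNS traffic is accepted solely because it matches a tracked query.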


