TCP query answer for authoritative DNS server

The name server on the BA310 (5.4.6 build 1432) failed to answer queries sent over TCP.

This is probably due to the name server not being correctly set up. There is no configured filtering in a firewall rule.

It is a rather common misconception that DNS does not need TCP unless they provide zone transfers - perhaps the name server administrator is not aware that TCP usually is a requirement.

Sorry, TCP port 53 is now served for zone transfer only. The DNS server currently does not support TCP-based queries.

Here is a good reading for you:

1 Like

This DNS check marks a domain as faulty when any of its authoritative servers do not answer queries over TCP.

This DNS zone check is also used for the .nl zone. In the .nl zone registrars are benchmarked on the output of this DNS check.

We are currently using the built-in Peplink DNS server for our domains. While running a test on as well as a number of other DNS testing sites we’ve noticed that the name server does not respond to TCP requests. From what I am reading, it is recommended that TCP is supported: "domain name system - Is it true that a nameserver have to answer queries over TCP?" - Server Fault
I wanted to see if this is on the list of supported features.

There are many online testing solutions that disagree with your linked documentation. Why is this document you linked to correct and all online testing solutions such as and wrong? Pingdom explicitly says that queries over TCP should still be allowed.

I’m asking because I am experiencing some DNS issues and I think they may be related to this capability.

Can you please provide detailed info for the DNS issue that you encountered? Let us investigate the issue.

1 Like

DNS queries are getting bigger (longer) so we do not want to accidentally block them (when the answer does not fit in one 512 byte packet). With the impending deployment of DNSSEC and the eventual addition of IPv6 we will need to allow both TCP and UDP port 53 packets.
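
A minimal way to test the behaviour discussed in this thread, as an added example that is not part of any post: it sends one SOA query over TCP, using the 2-byte length prefix that DNS over TCP requires, and reports whether the server answered and whether the reply has the truncation (TC) flag set. The function names, the SOA query type, the fixed query ID and the 3-second timeout are assumptions of this example.

```python
import socket
import struct

def build_query(name, qtype=6, qid=0x1234):
    """Build a minimal DNS query (QTYPE 6 = SOA, class IN, no recursion)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """DNS over TCP prefixes every message with its length (2 bytes, big-endian)."""
    return struct.pack("!H", len(message)) + message

def parse_header(message):
    """Return (id, truncated, rcode, answer_count) from a raw DNS message."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    # TC is bit 9 of the flags word: set when the answer did not fit in the
    # UDP reply, which tells the client to retry the query over TCP.
    return qid, bool(flags & 0x0200), flags & 0x000F, an

def _recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver the reply in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_tcp(server, name, port=53, timeout=3.0, qid=0x1234):
    """Return the parsed reply header, or None if the server gives no usable TCP answer."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(frame_tcp(build_query(name, qid=qid)))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            hdr = parse_header(_recv_exact(s, length))
    except (OSError, ValueError):
        # Refused, timed out, closed early, or malformed: no TCP service for queries.
        return None
    return hdr if hdr[0] == qid else None
```

Run `query_tcp(<name server address>, <zone name>)` against each authoritative server of a zone; a `None` result corresponds to the "failed to answer queries sent over TCP" finding quoted at the top of the thread.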