Thanks to everyone who responded. I have brought it to the Firewall group's attention. 53/tcp is a valid port and shouldn't be blocked at the firewall.

David M responded with:

DNS uses both UDP and TCP by design. A query first uses UDP because it's faster and uses less CPU, but if the response cannot fit within UDP, the DNS protocol falls back to TCP.

From RFC 1034 (published in 1987):

> 3.7. Queries
>
> Queries are messages which may be sent to a name server to provoke a
> response. In the Internet, queries are carried in UDP datagrams or over
> TCP connections. The response by the name server either answers the
> question posed in the query, refers the requester to another set of name
> servers, or signals some error condition.

http://tools.ietf.org/html/rfc1034

And RFC 1035:

> 4.2. Transport
> [...]
> The Internet supports name server access using TCP [RFC-793] on server
> port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
> port 53 (decimal).
>
> 4.2.1. UDP usage
>
> Messages sent using UDP user server port 53 (decimal).
> [...]
> 4.2.2. TCP usage
>
> Messages sent over TCP connections use server port 53 (decimal).
> [...]

http://tools.ietf.org/html/rfc1035

Thanks ALL!

> Hi All,
>
> I need some guidance on solaris dns.
>
> I have primary and secondary dns servers running on solaris 10.
> The issue is: Firewall guys are saying that the DNS from these 2 servers are
> attempting to run on port 53 TCP (UDP dns still works)
>
> The logs as a "deny protocol src"

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Fri Oct 29 19:36:23 2010
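The UDP-to-TCP fallback David M describes, as an added example that is not part of the thread: a client parses the 12-byte DNS header of a UDP reply, and when the TC (truncated) bit is set it must retry the same query over 53/tcp, where each message carries a 2-byte length prefix (RFC 1035 sections 4.2.1 and 4.2.2). The response bytes are constructed here for illustration, not captured from the servers in the thread.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1).
QR = 0x8000  # response (1) vs query (0)
TC = 0x0200  # truncated: the UDP reply did not fit, retry over TCP


def build_query(qname, qid=0x1234, qtype=1):
    """Build a minimal DNS query (header + one question, class IN) as raw bytes."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into a dict of the fields we act on."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_fallback(udp_response):
    """RFC 1035 4.2.1: a truncated UDP answer is incomplete; re-query over TCP."""
    return parse_header(udp_response)["tc"]


def tcp_frame(msg):
    """RFC 1035 4.2.2: on TCP every message is preceded by its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    """Split a TCP byte stream into whole DNS messages; leave a partial tail unread."""
    msgs, i = [], 0
    while i + 2 <= len(stream):
        n = struct.unpack("!H", stream[i:i + 2])[0]
        if i + 2 + n > len(stream):
            break  # incomplete message: wait for more bytes before parsing
        msgs.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return msgs


# Constructed sample replies: same header, with and without the TC bit.
FULL_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)       # QR|RD|RA
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)  # QR|TC|RD|RA
```

A firewall that drops 53/tcp leaves the client stuck at the truncated reply, which is exactly the "deny" log the original question describes.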