A DNS query will use UDP by default since it has less overhead. However, the standard limits the size of a UDP query to 512 bytes. If the query is more than 512 bytes, the TC (TrunCation) bit is set in the return query. Typically the resolver will then retry the query using a TCP connection. The firewall wizards list has been discussing this and showing examples.
See RFC 1035/Standard 13 and O'Reilly's DNS & BIND book. How does humble pie taste? ;-)

Jim

-----Original Message-----

How stupid are YOU !??!?!? DNS uses tcp/53 for zone transfers regarding slave servers, not big packets !

----- Original Message -----

> > matter that I run dns & mail on my firewall. My pf rules are pretty
> > standard, a default deny + allow in UDP on port 53 & TCP on 25.
> > I also allow in SSH, WWW but only from my work IP address, so that
> > shouldn't affect things & POP but only from internal hosts.
>
> DNS sometimes also uses TCP on port 53 for large packets, so you
> probably want to allow that as well.
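The resolver behaviour Jim describes (UDP first, TC bit in the response, retry over TCP with the 2-byte length prefix that TCP DNS uses) can be shown with a small header parser. This is an added example, not code from anyone in the thread; the query and the two responses are constructed inline (not captured traffic), and the function names are my own.

```python
import struct

DNS_HEADER_LEN = 12
UDP_PAYLOAD_LIMIT = 512   # classic UDP message limit from RFC 1035 section 2.3.4
FLAG_QR = 0x8000          # 1 = response
FLAG_RD = 0x0100          # recursion desired
FLAG_TC = 0x0200          # TrunCation: response did not fit in the UDP limit


def parse_header(msg):
    """Parse the fixed 12-byte DNS header (RFC 1035 section 4.1.1) into a dict."""
    if len(msg) < DNS_HEADER_LEN:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:DNS_HEADER_LEN])
    return {
        "id": ident,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def build_query(ident, qname, qtype=1):
    """Construct a minimal recursive query for qname/qtype (1 = A), class IN."""
    header = struct.pack("!HHHHHH", ident, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def fits_in_udp(msg):
    """Server side: a plain (non-EDNS) UDP answer must stay within 512 bytes."""
    return len(msg) <= UDP_PAYLOAD_LIMIT


def frame_for_tcp(msg):
    """Client side: over TCP each DNS message carries a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def next_step(query, udp_response):
    """Resolver decision: accept the UDP answer, or retry the same query over TCP/53.

    Returns ("done", response) or ("retry_tcp", framed_query).
    """
    hdr = parse_header(udp_response)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        raise ValueError("response does not match the query")
    if hdr["tc"]:
        return ("retry_tcp", frame_for_tcp(query))
    return ("done", udp_response)


# Constructed sample data (assumed values, not real traffic).
QUERY = build_query(0x1234, "example.com.")
QUESTION = QUERY[DNS_HEADER_LEN:]
# A truncated response: QR and TC set, no answer records survived the cut.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0) + QUESTION
# A complete (empty-answer) response: QR set, TC clear.
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for name, resp in (("truncated", TRUNCATED_RESPONSE), ("complete", COMPLETE_RESPONSE)):
        action, payload = next_step(QUERY, resp)
        print(f"{name}: {action}, next message is {len(payload)} bytes")
```

The firewall consequence is the one the quoted reply already makes: a rule set that only passes UDP/53 to the name server breaks exactly the `retry_tcp` branch above, so inbound TCP/53 has to be allowed alongside it.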
