When DNS doesn't DNS.....
The saying that you learn something new every day is very true in my experience: some days it's small things and some days it's big things.

Today it was a very minor thing about DNS, but quite a surprise.

Now I'm sure you all know that when you want to resolve a name to an IP (or vice versa) you generally ask a DNS server to resolve it for you (there are other options, such as a hosts file, but I think almost everyone is using DNS).

To resolve the name you talk to whatever DNS servers are configured (from resolv.conf on Unix, or the adapter's DNS settings on Windows). The request is normally sent over UDP port 53 and the DNS server responds with what you asked of it.

So for example I can say

nslookup server-name

This sends a request to whatever DNS server is configured on UDP port 53 and I get a reply of something like

10.10.10.10 (along with some other info)

Today I discovered something I never knew (and maybe it's a bit of an unusual case): if the reply from DNS is greater than 512 bytes (the classic limit for DNS over UDP; clients and servers that support EDNS0 can advertise a larger UDP buffer, which is where "configurable" comes in), the server does not send the full answer over UDP. It sends back a truncated reply with the TC (truncated) flag set, and the client is expected to repeat the same query to the same server on TCP port 53 (i.e. not UDP).

Now in most cases you are unlikely to see a DNS reply > 512 bytes (in our case it was a round-robin alias pointing at all the AD domain controllers, so the list of A records was quite long), and even when the reply is that long it normally doesn't matter, because the retry over TCP just works.

However....

In our case UDP port 53 was open in the firewall but TCP port 53 was not, so we couldn't resolve the name!

Easy enough to fix (allow TCP port 53 to the DNS servers as well as UDP; it is not only needed for zone transfers) but quite a surprise.

Helpfully you do get a hint that this is going on. The first reply from the server appears like this:

 nslookup alias-name
;; Truncated, retrying in TCP mode.

That line comes from the BIND-based nslookup (dig prints the same): the UDP reply had the TC flag set and the tool is retrying over TCP. If that retry then hangs or times out instead of returning the records, suspect a firewall that allows UDP 53 but blocks TCP 53.
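To make the truncation mechanics concrete, here is an added example (my own illustration, not code from the original post or from any DNS implementation). It builds a DNS A query and reply with struct, simulates a UDP listener that sets TC when the full answer would exceed 512 bytes, and a client that retries with TCP framing (a 2-byte length prefix) only if a flag standing in for the firewall says TCP/53 is open. The name alias-name, the 10.10.10.x addresses and the in-process "server" functions are constructed stand-ins so it runs offline, and it goes slightly beyond the post by computing how many A records fit in a 512-byte reply for any name.

```python
import struct
from typing import List, Tuple

UDP_LIMIT = 512          # classic DNS-over-UDP limit without EDNS0 (RFC 1035)
FLAG_QR = 0x8000         # response
FLAG_RD = 0x0100         # recursion desired
FLAG_RA = 0x0080         # recursion available
FLAG_TC = 0x0200         # truncated: retry over TCP
RR_WITH_POINTER = 16     # 2 (name pointer) + 2 type + 2 class + 4 TTL + 2 rdlen + 4 rdata


def encode_name(name: str) -> bytes:
    """Wire-encode a DNS name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard query: 12-byte header plus one question (type A, class IN)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def max_a_records_over_udp(name: str) -> int:
    """How many A records fit in a 512-byte reply when each answer uses a
    compression pointer back to the question name (the usual server behaviour)."""
    fixed = 12 + len(encode_name(name)) + 4
    return (UDP_LIMIT - fixed) // RR_WITH_POINTER


def build_full_response(query: bytes, addrs: List[str]) -> bytes:
    """One A record per address; 0xC00C points at the name in the question."""
    txid, _, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, qd, len(addrs), 0, 0)
    rrs = b""
    for a in addrs:
        rdata = bytes(int(o) for o in a.split("."))
        rrs += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata
    return header + query[12:] + rrs


def udp_server(query: bytes, addrs: List[str]) -> bytes:
    """Simulated UDP listener (assumption: it drops all answers when truncating,
    returning only the question with TC=1, as the post's server appeared to)."""
    full = build_full_response(query, addrs)
    if len(full) <= UDP_LIMIT:
        return full
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", full[:12])
    return struct.pack("!HHHHHH", txid, flags | FLAG_TC, qd, 0, 0, 0) + query[12:]


def tcp_server(query: bytes, addrs: List[str]) -> bytes:
    """Simulated TCP listener: same message, prefixed with its 2-byte length."""
    full = build_full_response(query, addrs)
    return struct.pack("!H", len(full)) + full


def tc_bit_set(msg: bytes) -> bool:
    """Read the TC flag from the second header word."""
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def parse_a_records(msg: bytes) -> List[str]:
    """Skip the question(s), then collect A rdata from the answer section
    (assumes answer names are 2-byte compression pointers, as built above)."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        while msg[pos] != 0:
            pos += 1 + msg[pos]
        pos += 1 + 4                      # zero terminator + qtype/qclass
    addrs = []
    for _ in range(an):
        _, rtype, _, _, rdlen = struct.unpack("!HHHIH", msg[pos:pos + 12])
        pos += 12
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs


def resolve(name: str, addrs: List[str], tcp53_open: bool = True) -> Tuple[str, List[str]]:
    """Client flow: ask over UDP; on TC=1 retry over TCP, which only works if
    the (simulated) firewall allows TCP/53. Returns (transport used, addresses)."""
    q = build_query(0x1234, name)
    reply = udp_server(q, addrs)
    if not tc_bit_set(reply):
        return ("udp", parse_a_records(reply))
    if not tcp53_open:
        raise ConnectionError("reply truncated, but TCP port 53 is blocked: name does not resolve")
    framed = tcp_server(q, addrs)
    (length,) = struct.unpack("!H", framed[:2])
    return ("tcp", parse_a_records(framed[2:2 + length]))
```

On a real network the same two paths can be exercised with dig: `dig +notcp +ignore alias-name` shows the truncated UDP reply without retrying (look for `tc` in the flags line), and `dig +tcp alias-name` tests TCP port 53 directly, which is the quickest way to confirm a firewall that passes UDP 53 but not TCP 53.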
