DNS Server UDP Query Limitation

Info Nessus Plugin ID 18356


The remote DNS server is not RFC1035 compliant.


A DNS server is running on this port but it only answers to UDP
requests. This means that TCP requests are blocked by a firewall.

This configuration is not RFC-compliant. Contrary to common belief,
TCP transport is not restricted to zone transfers (AXFR) :

- answers bigger than 512 bytes are always transmitted
over TCP.
- for all other requests, UDP is only 'preferred' for
performance reasons. i.e. RFC1035 (STD0013) does not
forbid a DNS client from issuing its queries directly
over TCP.


If you are sure that the DNS server will never return answers bigger
than 512 bytes and that the client software prefers UDP (which is
nearly certain), you may ignore this message.

See Also


Plugin Details

Severity: Info

ID: 18356

File Name: check_dns_tcp.nasl

Version: Revision: 1.16

Type: remote

Family: DNS

Published: 2005/05/22

Modified: 2015/10/13

Dependencies: 14664, 11002

Risk Information

Risk Factor: Info