DNS Server UDP Query Limitation

Info Nessus Plugin ID 18356

Synopsis

The remote DNS server is not RFC1035 compliant.

Description

A DNS server is running on this port but it only answers to UDP requests. This means that TCP requests are blocked by a firewall.

This configuration is not RFC-compliant. Contrary to common belief, TCP transport is not restricted to zone transfers (AXFR) :

- answers bigger than 512 bytes are always transmitted over TCP.
- for all other requests, UDP is only 'preferred' for performance reasons. i.e. RFC1035 (STD0013) does not forbid a DNS client from issuing its queries directly over TCP.

Solution

If you are sure that the DNS server will never return answers bigger than 512 bytes and that the client software prefers UDP (which is nearly certain), you may ignore this message.

See Also

http://www.faqs.org/rfcs/rfc1035.html

Plugin Details

Severity: Info

ID: 18356

File Name: check_dns_tcp.nasl

Version: Revision: 1.16

Type: remote

Family: DNS

Published: 2005/05/22

Modified: 2015/10/13

Dependencies: 11002, 14664

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: Settings/ThoroughTests