 From:  Robert Goodyear <me at jrob dot net>
 To:  George Bourozikas <george at bourozikas dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Are TCP DNS queries possible?
 Date:  Wed, 14 Sep 2005 14:06:40 -0700
On Sep 14, 2005, at 7:01 AM, George Bourozikas wrote:

> On Tuesday 13 September 2005 16:49, Robert Goodyear wrote:
>
>> On Sep 13, 2005, at 12:04 PM, Michael Sierchio wrote:
>>
>>> Robert Goodyear wrote:
>>>
>>>> I need m0n0 to respond to TCP DNS queries. Does anyone know if
>>>> this is possible or if there's a workaround to permit this
>>>> functionality?
>>>>
>>>
>>> Why?  Zone transfers?  In all other cases, a DNS server should respond
>>> with a RST-ACK to queries on 53/TCP unless the state of things indicates
>>> that a 53/UDP query failed due to payload being greater than 512 bytes.
>>>
>>> And *that* condition is a sign of something seriously broken, IMHO.
>>>
>>> If your records are properly configured, you'll never have need to
>>> respond to TCP queries.
>>>
>>> What are you trying to do?
>>>
>>
>> Trying to get m0n0 to talk to MS SMTPSVC on a group of W2K servers.
>>
>
> As a workaround, have you considered setting up a caching nameserver on the
> same machine as the SMTPSVC that will only act as a translator to the DNS
> requests coming from the service and, hopefully, use UDP?

George, thanks. Maybe that's the way I'll have to go. It's either a  
choice of replacing the SMTP service or adding a DNS service I suppose.

-Rob.
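
Added example, not part of the original messages: a sketch of the UDP-to-TCP hand-off the thread turns on, following RFC 1035 (TC bit in the header flags, 512-byte UDP limit, two-byte length prefix on TCP). All function names and the sample reply are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # answer was truncated to fit the UDP limit
UDP_LIMIT = 512   # classic maximum DNS payload over UDP (no EDNS0)

def build_query(qname, qtype=15, txid=0x1234):
    """Minimal DNS query; QTYPE 15 is MX, the lookup a mail service makes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def truncated_reply(query):
    """Constructed sample: the UDP reply a server sends when the answer
    does not fit in 512 bytes (QR and TC set, no answer records)."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | QR_FLAG | TC_FLAG) + query[4:]

def needs_tcp_retry(udp_reply, txid):
    """True when a UDP reply to our query carries the TC bit."""
    if len(udp_reply) < 12:
        raise ValueError("short DNS header")
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    if rid != txid or not flags & QR_FLAG:
        raise ValueError("not a reply to this query")
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a two-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split received TCP bytes into whole DNS messages plus any partial tail."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # message not complete yet, keep the bytes for the next read
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream
```

A client that always queries over TCP skips the first step entirely, which is why a forwarder listening only on 53/UDP never sees its requests.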