When does DNS use TCP?

binarysoul

When I open my browser to go to google.com, for example, it's my understanding that the my PC would send a name lookup for google.com to my DNS server using UDP port 53. So far so good.

A few days ago, some remote offices couldn't surf and it turned out they couldn't resolve name from DOS, i.e. C:\nslookup google.com, but they could ping the DNS server. The issue was caused by a third party TCP accelerator, which is puzzling as why it affected UDP? Ping requests would come to firewall, but not nslookup requests.

My question is this: With name resolution, is there a point that either the client or the DNS server send TCP packets? I vote no, but wanted to get some feedback.

dtlokee

DNS uses TCP for zone transfers, Clients use UDP for record queries.

sprkymrk

Sometimes the DNS Server itself is still up and running (thus able to respond to ICMP ping requests) but the DNS service is unavailable (either hung, shut down, or in your case another device was in the way) and so name lookups won't work.

JDMurray

I seem to remember that DNS uses TCP only for zone transfers containing data that won't fit into a single UDP packet. Because multiple packets must be used in the transfer, TCP is used to reliably complete the zone transfer. A partial zone transfer would corrupt a DNS server's database.

dtlokee

I guss it would also depend on the version of BIND in use, using full zone transfers requires sending the entire BIND database file (which I would suspect is rarely less than 1.5kb requiring multiple packets) versus an incremental update.

binarysoul

I'm not an expert on DNS? What's a zone transfer? I could google it, but maye you can make it easy

JDMurray

Domain name system
DNS zone transfer