On Tue, 2003-12-23 at 10:33, Antony Stone wrote:
>
> > > Yes. UDP port 53 means client-to-server DNS lookups.
> >
> > It could also be server to server queries as well as a load balancer.
>
> I thought server to server queries were always TCP?

Nope. UDP is always used unless the "answer" will exceed a packet length of 512 bytes. If this max is exceeded, as complete an answer as possible is returned with the truncation bit turned on in the DNS header. After that, you'll see the session switch over to TCP for a complete answer.

The other case is primary/master <--> secondary/slave communications for the purpose of zone transfers.

Dig and other tools will let you choose to use TCP, but the default is UDP.

HTH,
C
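The transport behaviour described in the message above, as an added example that is not part of the original post: Python code that reads the truncation (TC) bit from a DNS header and decides when a lookup has to be repeated over TCP. The function names, the sample name example.com and the truncated reply are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200        # truncation bit in the DNS header flags word
QR_FLAG = 0x8000        # set on responses, clear on queries
MAX_UDP_PAYLOAD = 512   # largest DNS message carried over plain UDP
QTYPE_A, QTYPE_AXFR = 1, 252

def build_query(qname, qtype, txid=0x1234):
    """Encode a single-question query (RD set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR_FLAG),
            "truncated": bool(flags & TC_FLAG), "answers": an}

def first_transport(qtype):
    """Zone transfers start on TCP; every other query starts on UDP."""
    return "tcp" if qtype == QTYPE_AXFR else "udp"

def server_must_truncate(answer_len):
    """Server side: an answer over 512 bytes cannot go out whole over UDP."""
    return answer_len > MAX_UDP_PAYLOAD

def needs_tcp_retry(query, udp_reply):
    """True when the UDP reply matches our query id and has TC set."""
    q, r = parse_header(query), parse_header(udp_reply)
    return r["response"] and r["id"] == q["id"] and r["truncated"]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def constructed_truncated_reply(query):
    """Constructed sample: the question echoed back with QR and TC set."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = QR_FLAG | 0x0100 | 0x0080 | TC_FLAG
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com", QTYPE_A)
    r = constructed_truncated_reply(q)
    print(first_transport(QTYPE_A), needs_tcp_retry(q, r), frame_for_tcp(q)[:2].hex())
```

A packet filter that passes only UDP port 53 will drop both the TCP retry and zone transfers.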