10-09-2006 12:50 PM - edited 02-20-2020 09:37 PM
Which one among these two can be used for DNS in an ACL:
TCP or UDP on 53, or both?
10-09-2006 04:32 PM
The common port for DNS is UDP-53. This is widely used everywhere. UDP requires no handshake or acknowledgement between the two machines.
Among the reasons why UDP is used is that successive DNS requests can go to different anycast root servers and routes can be unstable. UDP can switch quickly and cope with such changes. TCP would not cope well.
TCP-53, on the other hand, is more reliable, but this is useful for zone transfer requests. The normal UDP-53 is used for DNS queries.
So, you may use both TCP/UDP, or UDP only, depending on your requirement.
http://seclists.org/security-basics/2002/Nov/0045.html
Cheers!
AK
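As an added illustration of the "both, or UDP only, depending on your requirement" advice (this is not configuration from the thread or from AK; addresses are documentation placeholders and the interface name is assumed), here is a Cisco IOS extended ACL that permits client DNS over UDP/53 and TCP/53 toward one resolver, together with the return-direction entries a stateless ACL needs. It also covers the case the reply does not name: a resolver that sets the TC (truncated) bit in a UDP response makes the client retry the same query over TCP/53, so blocking TCP/53 can break large lookups even when no zone transfer is involved.

```cisco
! Added example, not from the original thread.
! 10.0.0.0/24 = client subnet (constructed), 192.0.2.53 = resolver (placeholder).
ip access-list extended DNS-OUT
 remark Ordinary queries: UDP/53
 permit udp 10.0.0.0 0.0.0.255 host 192.0.2.53 eq 53
 remark Zone transfers and TC-bit retries: TCP/53 (drop this line for UDP-only)
 permit tcp 10.0.0.0 0.0.0.255 host 192.0.2.53 eq 53
 deny   ip any any log
!
ip access-list extended DNS-IN
 remark UDP answers come from source port 53 back to the client's high port
 permit udp host 192.0.2.53 eq 53 10.0.0.0 0.0.0.255 gt 1023
 remark TCP answers only for sessions the client opened (ACK/RST set)
 permit tcp host 192.0.2.53 eq 53 10.0.0.0 0.0.0.255 established
 deny   ip any any log
!
interface GigabitEthernet0/1
 ip access-group DNS-OUT in
 ip access-group DNS-IN out
```

The `deny ip any any log` lines are there so that anything outside the two expected transports shows up in the log rather than silently matching the implicit deny; if you later decide on UDP only, the TCP/53 hits logged here tell you which clients are actually falling back to TCP before you remove the entry.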
10-10-2006 11:03 AM
What are the other applications which use TCP as well as UDP?
10-10-2006 03:07 PM
Syslog normally uses UDP, but also supports TCP.
Typically, when UDP is used, if communication breaks down, log messages are unable to be sent to the syslog server and will be lost (when the device's buffer is full and overwritten).
The reason why TCP is used is because it's reliable, and log messages will be re-transmitted if the communication breaks down.
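As an added example for the syslog answer above (not configuration from the thread or its author; the collector address 192.0.2.10 and the device address 10.0.0.1 are placeholders), this Cisco IOS fragment switches syslog export from the default UDP/514 to TCP, enlarges the local buffer so fewer messages are overwritten while the path is down, and shows the matching ACL entries for a filtering device in between. 601/tcp is the registered syslog-conn port and the IOS default for `transport tcp`; whether your collector listens on 601/tcp or 514/tcp is an assumption you must confirm.

```cisco
! Added example, not from the original thread.
! Export over TCP so undelivered messages are retransmitted rather than dropped.
logging host 192.0.2.10 transport tcp port 601
logging trap informational
! Larger local ring buffer: delays the overwrite the answer above describes
logging buffered 65536 informational
!
! ACL on a device in the path: pass the transport you actually use
ip access-list extended SYSLOG-OUT
 remark Legacy syslog: UDP/514, lost when the path is down
 permit udp host 10.0.0.1 host 192.0.2.10 eq 514
 remark Reliable syslog: TCP/601 (syslog-conn); use eq 514 if the collector listens there
 permit tcp host 10.0.0.1 host 192.0.2.10 eq 601
 deny   ip any any log
```

Because the TCP session is long-lived, a stateless ACL in the return direction only needs `permit tcp host 192.0.2.10 eq 601 host 10.0.0.1 established`; no equivalent exists for UDP, which is one more reason the TCP variant is easier to filter tightly.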