
UDP or TCP port 53 on ACL

aksher
Level 1

Which one among these two can be used for DNS in an ACL:

TCP or UDP on 53, or both?

3 Replies

a.kiprawih
Level 7

The common port for DNS is UDP-53. This is widely used everywhere. UDP requires no handshake or acknowledgement between the two machines.

Among the reasons UDP is used is that successive DNS requests can go to different anycast root servers and routes can be unstable. UDP can switch quickly and cope with such changes; TCP would not cope well.

TCP-53, on the other hand, is more reliable, but it is useful for zone transfer requests. The normal UDP-53 is used for DNS queries.

So you may use both TCP/UDP, or UDP only, depending on your requirements.

http://seclists.org/security-basics/2002/Nov/0045.html

Cheers!

AK
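As an added example (not part of the thread above, and not Cisco's code), the following Python builds a DNS query in RFC 1035 wire format, shows how the very same message is carried in a UDP datagram versus a length-prefixed TCP stream (the framing used for zone transfers, AXFR), and models what a resolver does when a UDP answer comes back with the TC (truncated) flag set: it retries the query over TCP/53. The "ACL" here is a constructed stand-in, a set of (protocol, port) permits, and the server responses are constructed bytes; nothing touches the network.

```python
"""DNS over UDP/53 versus TCP/53, and what an ACL that permits only UDP breaks.

Added example, not from the original thread. Query/response bytes and the
ACL model below are constructed for illustration.
"""
import struct

DNS_PORT = 53
QTYPE_A = 1
QTYPE_AXFR = 252      # zone transfer; carried over TCP
FLAG_QR = 0x8000      # response bit
FLAG_TC = 0x0200      # truncated: UDP answer did not fit, client retries over TCP
FLAG_RD = 0x0100      # recursion desired


def encode_name(qname: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Return a DNS query (12-byte header + one question) as sent in a UDP datagram."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)  # ID, flags, QD, AN, NS, AR
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_header(message: bytes) -> dict:
    """Decode the header fields a client needs: ID, QR, TC, RCODE and counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def frame_tcp(message: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message


def unframe_tcp(stream: bytes) -> list:
    """Split a TCP byte stream back into whole DNS messages using the length prefixes."""
    messages, offset = [], 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[offset:offset + 2])
        body = stream[offset + 2:offset + 2 + length]
        if len(body) < length:
            break  # partial message: a real client waits for the rest of the stream
        messages.append(body)
        offset += 2 + length
    return messages


def make_response(query: bytes, truncated: bool) -> bytes:
    """Constructed server response: echoes the question, optionally with TC set."""
    txid = parse_header(query)["id"]
    flags = FLAG_QR | FLAG_RD | (FLAG_TC if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


def resolve_outcome(acl: set, udp_response: bytes) -> str:
    """Model a resolver behind an ACL given as a set of permitted (protocol, port) pairs.

    A truncated UDP answer makes the resolver retry over TCP/53; if the ACL does
    not permit TCP/53 that retry is dropped and the lookup fails.
    """
    if ("udp", DNS_PORT) not in acl:
        return "blocked: UDP/53 not permitted"
    if not parse_header(udp_response)["tc"]:
        return "answered over UDP"
    if ("tcp", DNS_PORT) in acl:
        return "truncated, retried over TCP"
    return "truncated, TCP retry blocked by ACL"


if __name__ == "__main__":
    q = build_query("example.com")
    print("UDP datagram      :", q.hex())
    print("framed for TCP    :", frame_tcp(q).hex())
    print("AXFR over TCP     :", frame_tcp(build_query("example.com", QTYPE_AXFR)).hex())
    udp_only = {("udp", DNS_PORT)}
    both = {("udp", DNS_PORT), ("tcp", DNS_PORT)}
    print("UDP-only ACL      :", resolve_outcome(udp_only, make_response(q, truncated=True)))
    print("UDP+TCP ACL       :", resolve_outcome(both, make_response(q, truncated=True)))
```

The practical caveat this shows: TCP/53 is not only for zone transfers. Any answer too large for the UDP datagram (large record sets, DNSSEC-signed responses) comes back with TC set and the client retries the same query over TCP, so an ACL that permits only UDP/53 silently breaks those lookups. On IOS that means a pair of extended-ACL entries such as `permit udp any host <dns-server> eq 53` and `permit tcp any host <dns-server> eq 53` (server address is a placeholder), with the TCP line restricted to the secondary servers if you want to allow zone transfers only from them.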

What are the other applications which use TCP as well as UDP?

Syslog normally uses UDP, but also supports TCP.

Typically, when UDP is used and communication breaks down, log messages cannot be sent to the syslog server and will be lost (once the device's buffer is full and overwritten).

The reason for TCP is that it is reliable, and log messages will be re-transmitted if the communication breaks down.
