[CentOS] DNS lookup delay with centos & postfix

Thu Jul 26 01:40:07 UTC 2012
David McGuffey <davidmcguffey at verizon.net>

On Jul 25, 2012, at 21:27, "Joseph L. Casale" <jcasale at activenetwerx.com> wrote:

>> DNS lookups default to using 53/udp, and only use 53/tcp for zone
>> transfers.  could it be 53/udp is being lost/blocked between this host
>> and your ns1 ?
> Unfortunately that is a common misconception.
> Tcp is used far more often than "only" as stated such as for size of request
> exceeding udp response size etc...
> Bottom line is both ports are needed, not just for zone xfers.

Except that the malware guys have figured out how to abuse port 53. Security recommendation is to block TCP unless you're running a DNS server. And also block oversize port 53 UDP packets.

Dave M
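The truncation fallback the quoted reply refers to (a response too large for the UDP answer comes back with the TC bit set, and the client re-asks the same question over 53/tcp with a 2-byte length prefix), as an added Python example that is not part of this thread. The packets are constructed inline and nothing is sent on the wire; the name, transaction id and address are sample values.

```python
import struct

# Flag bits of the second DNS header word (RFC 1035, section 4.1.1)
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # response was truncated to fit UDP
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available

def encode_name(name):
    """Encode "example.com" as DNS labels: \\x07example\\x03com\\x00."""
    labels = [l.encode() for l in name.strip('.').split('.') if l]
    return b''.join(bytes([len(l)]) + l for l in labels) + b'\x00'

def build_query(name, qtype=1, txid=0x1234):
    """Minimal recursive query (QTYPE 1 = A, QCLASS 1 = IN), as sent over 53/udp."""
    header = struct.pack('!HHHHHH', txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('!HH', qtype, 1)

def parse_header(msg):
    """Return the header fields a client needs to decide what to do with a reply."""
    txid, flags, qd, an, ns, ar = struct.unpack('!HHHHHH', msg[:12])
    return {'id': txid, 'qr': bool(flags & FLAG_QR), 'tc': bool(flags & FLAG_TC),
            'rcode': flags & 0x000F, 'ancount': an}

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack('!H', len(msg)) + msg

def next_step(query, udp_reply):
    """Decide the client's next action after a UDP exchange:
    'done', 'retry_tcp' (TC set: answer did not fit in UDP) or 'ignore'."""
    h = parse_header(udp_reply)
    if not h['qr'] or h['id'] != parse_header(query)['id']:
        return 'ignore'          # not a reply to our question; do not act on it
    return 'retry_tcp' if h['tc'] else 'done'

# Constructed sample replies (not captured traffic) to the query below.
QUERY = build_query('example.com')
FULL_REPLY = (struct.pack('!HHHHHH', 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
              + QUERY[12:]                                   # question section echoed back
              + b'\xc0\x0c' + struct.pack('!HHIH', 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
TRUNCATED_REPLY = (struct.pack('!HHHHHH', 0x1234, FLAG_QR | FLAG_RD | FLAG_RA | FLAG_TC, 1, 0, 0, 0)
                   + QUERY[12:])

if __name__ == '__main__':
    print(next_step(QUERY, FULL_REPLY))       # -> done
    print(next_step(QUERY, TRUNCATED_REPLY))  # -> retry_tcp
    print(frame_for_tcp(QUERY)[:2].hex())     # -> 001d (29-byte query framed for 53/tcp)
```

A host whose firewall passes 53/udp but drops 53/tcp gets stuck exactly at the 'retry_tcp' step: the retry times out rather than failing fast, which shows up as a lookup delay.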