[CentOS] DNS lookup delay with centos & postfix

Thu Jul 26 01:40:07 UTC 2012
David McGuffey <davidmcguffey at verizon.net>

On Jul 25, 2012, at 21:27, "Joseph L. Casale" <jcasale at activenetwerx.com> wrote:

>> DNS lookups default to using 53/udp, and only use 53/tcp for zone
>> transfers.  Could it be 53/udp is being lost/blocked between this host
>> and your ns1?
> 
> Unfortunately that is a common misconception.
> 
> TCP is used far more often than "only" as stated, such as for size of request
> exceeding UDP response size etc.
> 
> Bottom line is both ports are needed, not just for zone xfers.
> 
Except that the malware guys have figured out how to abuse port 53. Security recommendation is to block TCP unless you're running a DNS server. And also block oversize port 53 UDP packets. 

Dave M
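The trade-off the two replies above disagree on can be seen in the resolver's own logic: when a UDP answer comes back with the TC (truncated) bit set, the client must re-ask over 53/tcp, so a firewall that drops outbound 53/tcp on a non-server host turns every oversized answer into a resolution failure rather than a delay. The following is an added illustration, not code from the thread; the DNS messages in it are constructed headers built in-process (no network traffic), and `resolve_with_fallback` is a hypothetical model of the client's decision, not a real resolver API.

```python
import struct

# Classic DNS-over-UDP payload limit (RFC 1035). Answers larger than this are
# truncated unless the client advertised a bigger EDNS buffer; truncated
# answers force a retry over TCP.
DNS_UDP_MAX = 512

QR_MASK = 0x8000     # header flag: message is a response
TC_MASK = 0x0200     # header flag: response was truncated
RD_MASK = 0x0100     # header flag: recursion desired
RCODE_MASK = 0x000F  # low four bits: response code


def build_header(ident, qr=False, tc=False, rd=True, rcode=0,
                 qdcount=1, ancount=0, nscount=0, arcount=0):
    """Pack a 12-byte DNS header. Used here only to construct sample data."""
    flags = ((QR_MASK if qr else 0) | (TC_MASK if tc else 0)
             | (RD_MASK if rd else 0) | (rcode & RCODE_MASK))
    return struct.pack("!HHHHHH", ident, flags, qdcount, ancount, nscount, arcount)


def parse_header(msg):
    """Unpack the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR_MASK),
        "tc": bool(flags & TC_MASK),
        "rcode": flags & RCODE_MASK,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_reply):
    """True when a UDP reply is a response with TC=1, i.e. the client must
    discard it and repeat the query over 53/tcp to get the full answer."""
    h = parse_header(udp_reply)
    return h["qr"] and h["tc"]


def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length
    (RFC 1035 section 4.2.2); this is the only on-wire difference."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP length prefix")
    return struct.pack("!H", len(msg)) + msg


def resolve_with_fallback(udp_reply, tcp_allowed):
    """Hypothetical model of the client's decision after a UDP reply arrives.
    Returns 'ok' (answer usable), 'retry-tcp' (TC set and 53/tcp open) or
    'fail' (TC set but the firewall blocks 53/tcp, so the name never resolves)."""
    if not needs_tcp_retry(udp_reply):
        return "ok"
    return "retry-tcp" if tcp_allowed else "fail"


# Constructed sample replies: one complete, one truncated by the server.
NORMAL_REPLY = build_header(0x1234, qr=True, ancount=1)
TRUNCATED_REPLY = build_header(0x1234, qr=True, tc=True, ancount=0)

if __name__ == "__main__":
    for label, reply in (("normal", NORMAL_REPLY), ("truncated", TRUNCATED_REPLY)):
        for tcp in (True, False):
            print(label, "tcp_allowed=%s ->" % tcp, resolve_with_fallback(reply, tcp))
    print("tcp frame:", frame_for_tcp(TRUNCATED_REPLY).hex())
```

Running the script prints "fail" only for the truncated reply with 53/tcp blocked, which is the case a host-based firewall rule such as the one recommended above creates; DNSSEC-signed zones and large TXT or MX record sets are common sources of truncated answers, so a client that cannot reach 53/tcp should be expected to fail on those names rather than merely resolve slowly.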