[ee122] DNS over TCP

vern at cs.berkeley.edu
Wed Oct 17 15:40:39 PDT 2007


> I've read on the internet that you can issue a DNS request over a TCP
> connection.

It is *optionally* supported.  So if the problem you're encountering is
that the server is rejecting the connection, it's because the server hasn't
chosen to support it.

The "dig" utility has a +tcp option that instructs it to use TCP rather
than UDP.  If you want to explore this further, first find a server that
works when using dig +tcp.  If your test code doesn't work for that server,
you can trace the traffic sent to the server by dig +tcp using tshark
(or tcpdump) and compare that with the traffic sent by your code to see
what's missing.

> I've read that public hotspots use DNS to exclude people from using the
> internet. Isn't this a bad idea because people will still be able to go to
> sites which their browser might have cached the IP for?

It will depend on how the hotspot does this.  (Often they instead intercept
HTTP requests, rather than DNS lookups.)  But usually a hotspot includes a
firewall that lets very little out until the MAC address has been associated
with some form of payment.  Interestingly, sometimes one of the few things
the firewall does let out is DNS requests, and in fact some enterprising
individuals have written tools that "tunnel" IP packets over DNS requests
as a way of getting service for free at such hotspots.  We'll talk more
about firewalls and tunneling later in the semester.

		Vern
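The comparison Vern suggests (dig +tcp versus your own code, side by side in tshark) usually turns up one difference: RFC 1035 section 4.2.2 requires that every DNS message sent over TCP be preceded by a two-byte big-endian length field, which UDP does not use. The following Python 3 script is an added example for this thread, not code from Vern or the ee122 course. It builds a query, frames it for TCP, reads a length-prefixed reply from a stream (handling partial reads and a closed connection), and parses the answer, including the name-compression pointers real servers emit. Everything in it is an assumption for illustration: the transaction id 0x1234, the name example.com, the sample reply (constructed in build_sample_response, not captured from any server), and query_over_tcp's resolver, which you supply and which is assumed to accept TCP on port 53.

```python
# Added example: DNS over TCP with the Python 3 stdlib (build, frame, read, parse).
import socket
import struct

TYPE_A, CLASS_IN = 1, 1

def encode_name(name: str) -> bytes:
    """Hostname -> DNS labels: each label length-prefixed, then a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """RFC 1035 section 4.1 message: header (RD set, QDCOUNT=1) + one question.
    These bytes are identical on UDP and TCP; only the framing differs."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def tcp_frame(message: bytes) -> bytes:
    """TCP-only (RFC 1035 section 4.2.2): a 2-byte big-endian length precedes
    every message. Sending the bare UDP-style bytes makes the server read them
    as a length and wait for more, so the client hangs. struct rejects > 65535."""
    return struct.pack("!H", len(message)) + message

def recv_exact(recv, n: int) -> bytes:
    """Read exactly n bytes from a recv(n)-style callable; TCP is a stream and
    one recv() may return fewer bytes than asked for."""
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf

def read_tcp_message(recv) -> bytes:
    """Read one length-prefixed DNS message from the stream."""
    (length,) = struct.unpack("!H", recv_exact(recv, 2))
    return recv_exact(recv, length)

def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name (RFC 1035 section 4.1.4).
    Returns (dotted name, offset just past the name in the message)."""
    labels, jumped, next_off, hops = [], False, off, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                 # compression pointer (14-bit offset)
            next_off = off + 2 if not jumped else next_off
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:                     # hostile server: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (next_off if jumped else off)
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def parse_response(msg: bytes, expected_txid: int):
    """Return (rcode, [(name, type, ttl, rdata), ...]) from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("transaction id mismatch or QR bit clear")
    off = 12
    for _ in range(qd):                       # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return flags & 0x000F, answers

def query_over_tcp(server: str, name: str, port: int = 53, timeout=5.0):
    """Live lookup against a resolver you supply (assumed to accept TCP)."""
    txid = 0x1234
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(tcp_frame(build_query(name, txid=txid)))
        return parse_response(read_tcp_message(s.recv), txid)

def build_sample_response(txid: int = 0x1234) -> bytes:
    """Constructed reply, not a capture: example.com A 93.184.216.34, with the
    answer name compressed as a pointer to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", TYPE_A, CLASS_IN)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4)
    return header + question + answer + socket.inet_aton("93.184.216.34")

def chunked_recv(data: bytes, chunk: int = 3):
    """recv(n) stand-in delivering at most `chunk` bytes per call, to exercise
    recv_exact offline the way a slow or fragmenting TCP peer would."""
    pos = 0
    def recv(n):
        nonlocal pos
        piece = data[pos:pos + min(n, chunk)]
        pos += len(piece)
        return piece
    return recv
```

Offline, parse_response(read_tcp_message(chunked_recv(tcp_frame(build_sample_response()))), 0x1234) walks the whole path without a network. Against a real server, query_over_tcp("<resolver address>", "example.com") does the live exchange; if you capture it with tshark alongside dig +tcp, the first two bytes of each TCP payload are the length prefix, and a server that "rejects" the connection outright is one that, as Vern says, simply does not offer TCP.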

