Kevin, you're right that there's no option. But blocking UDP in the
firewall isn't going to fly, the recursor only falls back to TCP on
TC=1 (truncated) answers, not on UDP timeout or error.
In general it's a bad idea to force TCP, as it increases load on both
recursor and authoritative servers. Better fix your UDP connectivity.
-Otto
On Fri, Feb 28, 2025 at 09:10:59AM -0500, Kevin P. Fleming via Pdns-users wrote:
> I don't think there are any configuration options in the recursor do to this,
> so you'll have to do it in a firewall system outside of the recursor.
> Blocking all outbound traffic to UDP port 53 would take care of it.
>
> On Fri, Feb 28, 2025, at 06:45, Carlos N via Pdns-users wrote:
> > Hello all
> >
> > I,m looking for a way of forcing all outgoing queries from recursor to
> > authoritative servers to be TCP.
> > I'm experiencing some packet discards in my platform internal network and i
> > think forcing to TCP may help overcome some of the problems caused by
> > discards.
> > Does anybody know how to do this or if it is even possible.
> > Documentation doesn't give any clue.
> > Kind regards and thanks in advance.
> >
> > Carlos
> >
> >
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users@mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
