DNS Queries Over TCP
Avi Vantage supports DNS queries over both UDP and TCP. Implementation requirements for DNS over TCP are described in RFC 7766.
One DNS Query per TCP Connection
Avi Vantage processes only one DNS query per TCP connection. Avi Vantage does not support DNS query pipelining as described in RFC 7766. That is, if multiple DNS queries are sent over the same TCP connection, Avi Vantage generates a response only for the first DNS query and ignores the remaining queries. If the queries are meant to be passed through to upstream DNS servers, only the first DNS query in the TCP connection is forwarded to the upstream server and the remaining queries are ignored.
Avi Vantage-initiated TCP Connection Close
When Avi Vantage responds to a DNS query in a TCP connection, it generates a FIN towards the client to close the TCP connection. This is done to release memory resources immediately rather than wait for the client to time out while waiting for responses to the multiple queries it may have sent.
Notes:
- If multiple queries are passed through to an upstream DNS server, the TCP connection between the client and Avi Vantage follows the regular connection close process.
- Starting with release 22.1.4, Avi Vantage supports proactively closing the TCP connection in the case of DNS pass-through using the close_tcp_connection_post_response knob. For more information on enabling the close_tcp_connection_post_response knob, see Closing TCP Connection Post Response Proactively for DNS Pass-through.
Apart from the lack of query pipelining, DNS queries over TCP are treated the same as DNS over UDP as far as DNS behavior is concerned. Note that, because it uses TCP, DNS over TCP is not limited to the 512-byte message size that applies to DNS over UDP.
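The one-query-per-connection behaviour and the server-initiated FIN described above, modelled as an added example that is not Avi Vantage code: a constructed loopback stand-in answers only the first length-prefixed query on a TCP connection and then sends FIN, and a client that pipelines two queries on one connection counts how many responses came back. The RFC 1035 message framing is real; the loopback server, port, query names and the 192.0.2.1 answer are constructed for the demonstration.

```python
import socket
import struct
import threading

# Added example, not Avi Vantage code. It models the behaviour described on the page:
# a DNS-over-TCP endpoint that answers only the first query on a connection, ignores the
# rest, and then sends FIN. The client side shows how to detect that pipelining was not
# honoured. Server, port, names and the answer address are constructed for the demo.


def build_query(qname, txid):
    """Build a minimal DNS A/IN query message (RFC 1035 section 4.1) with the given ID."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; QDCOUNT=1
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def frame_tcp(message):
    """DNS over TCP prefixes every message with a two-byte big-endian length
    (RFC 1035 section 4.2.2); this prefix is why TCP is not bound by UDP's 512-byte limit."""
    return struct.pack("!H", len(message)) + message


def split_frames(buf):
    """Split a buffer into complete length-prefixed DNS messages; a trailing partial frame is dropped."""
    messages = []
    while len(buf) >= 2:
        (length,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + length:
            break
        messages.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return messages


def read_until_fin(sock):
    """Read until the peer closes its side (FIN), then return the complete DNS messages received."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return split_frames(buf)
        buf += chunk


def one_query_server(listener):
    """Constructed stand-in for the behaviour described on the page: answer the first framed
    query, ignore any further queries on the connection, then FIN towards the client."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        while not split_frames(data):             # wait for one complete query frame
            chunk = conn.recv(4096)
            if not chunk:
                return
            data += chunk
        query = split_frames(data)[0]             # anything after the first query is ignored
        (txid,) = struct.unpack("!H", query[:2])
        question = query[12:]
        # Response: same ID, QR/RD/RA flags, question echoed, one A record (192.0.2.1, RFC 5737 range).
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
        conn.sendall(frame_tcp(header + question + answer))
        conn.shutdown(socket.SHUT_WR)             # FIN: the server closes first
        while conn.recv(4096):                    # drain until the client closes too
            pass


def pipelined_queries(host, port, qnames):
    """Send several queries on one TCP connection and report how many were answered."""
    with socket.create_connection((host, port)) as sock:
        sock.sendall(b"".join(frame_tcp(build_query(name, i + 1))
                              for i, name in enumerate(qnames)))
        responses = read_until_fin(sock)
    answered_ids = [struct.unpack("!H", r[:2])[0] for r in responses]
    return {"sent": len(qnames), "answered": len(responses), "answered_ids": answered_ids}


def demo():
    """Run the stand-in server on a loopback port and pipeline two queries at it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=one_query_server, args=(listener,), daemon=True)
    server.start()
    try:
        result = pipelined_queries("127.0.0.1", listener.getsockname()[1],
                                   ["www.example.com", "mail.example.com"])
    finally:
        server.join(timeout=5)
        listener.close()
    return result


if __name__ == "__main__":
    print(demo())  # {'sent': 2, 'answered': 1, 'answered_ids': [1]}
```

Pointing pipelined_queries at a real resolver is a quick conformance check before a client or forwarder is configured to reuse TCP connections: if "answered" is less than "sent", the endpoint behaves as described on this page and each query needs its own connection.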