Enabling DNS Host Name Lookup over TCP for FQDN

By default, DNS queries are sent over UDP. The DNS response can include a Truncated flag if the response length exceeds the maximum allowed by UDP.

When the Enable DNS host name lookup over TCP for FQDN option is:

• Enabled and the Truncated flag is set in the DNS response, SonicOS/X sends an additional DNS query over TCP to determine the full DNS response for multiple IP addresses.
• Disabled, DNS queries are sent over UDP, and SonicOS/X only processes the IP addresses in the DNS response packet, although the Truncated flag is set in the response.

The DNS query times out after one second if no DNS response over TCP is received from the DNS server.

This option is used to gain more IP addresses when sending DNS queries from FQDN over TCP while the Security Appliance receives DNS responses over UDP.

To enable DNS host name lookup over TCP for FQDN

1. Navigate to Network | DNS > Settings.
2. Scroll to the DNS host name lookup over TCP for FQDN section.
3. Select Enable DNS host name lookup over TCP for FQDN. This option is not selected by default.
4. Click Accept.