Allow or Block Port 53 (TCP) from Pi-Hole?

I have a standard Pi-Hole installation on a Raspberry Pi, set up as a recursive DNS server. My home router's firewall allows port 53 (DNS) over UDP from anyone, but not over TCP.

I've noticed that the Raspberry Pi sometimes tries to send traffic through the firewall over TCP (i.e., when trying to access a cloudns domain), which is blocked in my case.

Is it typical for Pi-Hole to use port 53 (TCP) instead of UDP? Should I keep it blocked in my firewall?

Thanks!

You must allow TCP.

Read here.

"While considering between UDP or TCP protocol for any application, another key aspect to note is that UDP packets are smaller in size and cannot be greater than 512 bytes. Hence, any application where the data to be transferred is greater than 512 bytes will require the TCP protocol."

pihole-FTL (and all other resolvers) will use UDP, and switch to TCP whenever required.


And DNSSEC will just about always exceed the max packet size for UDP datagrams.

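The two answers above describe the same mechanism from two angles: a resolver starts with UDP and switches to TCP when the answer does not fit, and DNSSEC material is the usual reason it does not fit. The script below is an added example, not code from the thread or from the Pi-hole project, showing that client-side decision in miniature: it builds a query, checks the TC (truncated) bit in a UDP reply, and retries the same question over TCP with the two-byte length prefix that DNS-over-TCP requires. The "server" and its oversized answer are constructed inline so the script runs offline; the 768 zero bytes stand in for an A record plus RRSIG/DNSKEY data by size only. Note that modern resolvers also negotiate larger UDP payloads with EDNS(0), so 512 bytes is the classic, not the only, limit; the fallback logic is the same either way.

```python
"""Added example (not from the original thread): minimal DNS client logic
showing why a resolver needs TCP/53 as well as UDP/53.

Classic DNS over UDP carries at most 512 bytes of payload (RFC 1035). When a
server has more data than fits, it sets the TC bit and the client must repeat
the question over TCP, where each message is prefixed with a 2-byte length.
All packets here are constructed; no real servers are contacted.
"""
import struct

DNS_UDP_MAX = 512          # RFC 1035 limit for plain (non-EDNS) UDP payloads
FLAG_QR = 0x8000           # response bit
FLAG_TC = 0x0200           # truncated bit
FLAG_RD = 0x0100           # recursion desired


def encode_name(name):
    """Encode "example.com" as DNS labels: \\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txn_id, name, qtype=1):
    """Build a recursive query: 12-byte header + one question (type A, class IN)."""
    header = struct.pack("!HHHHHH", txn_id, FLAG_RD, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question


def parse_header(msg):
    """Return (txn_id, flags, qdcount, ancount, nscount, arcount)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than 12-byte header")
    return struct.unpack("!HHHHHH", msg[:12])


def needs_tcp_retry(udp_response):
    """A client must retry over TCP when a response has TC set (RFC 1035 4.2.1)."""
    _, flags, *_ = parse_header(udp_response)
    return bool(flags & FLAG_QR) and bool(flags & FLAG_TC)


def frame_for_tcp(message):
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def resolve(name, udp_send, tcp_send):
    """Try UDP first; fall back to TCP if the reply was truncated.

    udp_send/tcp_send are transport callbacks (simulated below)."""
    query = build_query(0x1234, name)
    reply = udp_send(query)
    transport = "udp"
    if needs_tcp_retry(reply):
        framed = tcp_send(frame_for_tcp(query))
        (length,) = struct.unpack("!H", framed[:2])
        reply = framed[2:2 + length]
        transport = "tcp"
    return transport, reply


# --- Constructed fake server standing in for the network (hypothetical) ---

def fake_server(query, max_payload):
    """Answer with a DNSSEC-sized response; truncate if it exceeds max_payload."""
    txn_id, _, qdcount, *_ = parse_header(query)
    question = query[12:]
    # Constructed answer section: 768 bytes standing in for an A record plus
    # its RRSIG and DNSKEY material (size only, not real RDATA).
    answer = b"\x00" * 768
    full = struct.pack("!HHHHHH", txn_id, FLAG_QR | FLAG_RD, qdcount, 3, 0, 0) + question + answer
    if len(full) > max_payload:
        # Keep header + question, drop the answer, set TC so the client retries over TCP.
        return struct.pack("!HHHHHH", txn_id, FLAG_QR | FLAG_RD | FLAG_TC, qdcount, 0, 0, 0) + question
    return full


def fake_udp_send(query):
    return fake_server(query, DNS_UDP_MAX)


def fake_tcp_send(framed_query):
    (length,) = struct.unpack("!H", framed_query[:2])
    reply = fake_server(framed_query[2:2 + length], max_payload=65535)
    return frame_for_tcp(reply)


if __name__ == "__main__":
    transport, reply = resolve("example.com", fake_udp_send, fake_tcp_send)
    print(f"resolved via {transport}, {len(reply)}-byte response")
```

With the firewall from the question, the UDP leg succeeds but the TCP retry is dropped, so any name whose answer sets TC (large DNSSEC chains, big TXT records) simply fails to resolve; that is the failure the original poster saw with the blocked TCP attempts.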

Thanks for the quick response! Learned something today.
