DNS Queries Over TCP

Avi Vantage supports DNS queries over both UDP and TCP protocols. DNS-over-TCP implementation requirements are described in RFC 7766.

One DNS Query per TCP Connection

Avi Vantage processes only one DNS query per TCP connection. Avi Vantage does not support DNS query pipelining as described in the RFC 7766. That is, if multiple DNS queries are sent over the same TCP connection, Avi will generate the response only for the first DNS query and ignore the remaining queries. If the DNS queries were meant for pass through to upstream DNS servers, then only the first DNS query in the TCP connection is passed to the upstream server and the remaining queries are ignored.

Avi Vantage-initiated TCP Connection Close

When Avi Vantage responds to a DNS query in a TCP connection, it generates a FIN towards the client to close the TCP connection. This is done to release memory resources immediately rather than wait for the client to timeout waiting on the responses for the potential multiple queries it sent.

Note: If the multiple queries were passthrough to upstream DNS server, then TCP connection between client and Avi Vantage follows the regular connection close process.

Other than DNS query pipelining, DNS queries over TCP get the same treatment as DNS over UDP as far as DNS behavior is concerned. Note that by virtue of using TCP, DNS over TCP is not limited to 512 bytes size, as is the case for DNS over UDP.