
Resolving DNS names using TCP instead of UDP



Hi Everyone,

I hope this message is not duplicated, but the original message I sent seemed to disappear into
the ether...

Due to some corporate security policies restricting the use of UDP, I'm finding that DNS
resolving on my RH 9 (kernel 2.4.20-8) computer is extremely slow.  While researching this
issue, I found that it appears that I can change the file "/etc/resolv.conf" to add the line
"options usevc" to force the resolver to use a TCP connection when doing name lookups - at
least the MAN page for resolv.conf implies this (the "options rotate" listed in the MAN page
appears to tie back to the variable "RES_ROTATE" in the file "resolv.h", so I hoped that I could use
the "options usevc" command to activate the variable "RES_USEVC" in the same file).

I tried this and have not had any luck.  Adding "options rotate" to resolv.conf appears to
work, at least my DNS lookups now rotate through the nameservers listed in "resolv.conf", but
the "usevc" doesn't work as the computer is still trying to do UDP lookups.  I made sure to
reboot the machine to see if the resolver software reads the configuration file only at boot
time.

I also found another copy of "resolv.conf" in the directory
"/etc/sysconfig/networking/profiles/default" and also modified that file - with the same
non-working result.  Does anyone know which "resolv.conf" is used?

Since that didn't appear to work, I continued to research.  The MAN page for "resolv.conf"
notes a file "/usr/include/resolv.h", so I then looked at that file and found it included the
following snippet of code:

/*
 * Resolver options (keep these in synch with res_debug.c, please)
 */
#define RES_INIT        0x00000001      /* address initialized */
#define RES_DEBUG       0x00000002      /* print debug messages */
#define RES_AAONLY      0x00000004      /* authoritative answers only (!IMPL)*/
#define RES_USEVC       0x00000008      /* use virtual circuit */
#define RES_PRIMARY     0x00000010      /* query primary server only (!IMPL)*/
#define RES_IGNTC       0x00000020      /* ignore trucation errors */
#define RES_RECURSE     0x00000040      /* recursion desired */
#define RES_DEFNAMES    0x00000080      /* use default domain name */
#define RES_STAYOPEN    0x00000100      /* Keep TCP socket open */
#define RES_DNSRCH      0x00000200      /* search up local domain tree */
#define RES_INSECURE1   0x00000400      /* type 1 security disabled */
#define RES_INSECURE2   0x00000800      /* type 2 security disabled */
#define RES_NOALIASES   0x00001000      /* shuts off HOSTALIASES feature */
#define RES_USE_INET6   0x00002000      /* use/map IPv6 in gethostbyname()*/
#define RES_ROTATE      0x00004000      /* rotate ns list after each query*/
#define RES_NOCHECKNAME 0x00008000      /* do not check names for sanity. */
#define RES_KEEPTSIG    0x00010000      /* do not strip TSIG records */
#define RES_BLAST       0x00020000      /* blast all recursive servers */

#define RES_DEFAULT     (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH) 

Since nothing else has worked, I changed the RES_DEFAULT in "resolv.h" to be:

#define RES_DEFAULT     (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH | RES_USEVC | RES_ROTATE)

And rebooted the machine to see if the changes would become active...  Still no luck.  

Not being a C programmer, is it safe to assume that the changes I made to resolv.h need to be
compiled into new code?  If so, how do I do this and what command would I be recompiling?  

Or am I missing something so totally simple that I'll be knocking my head against the wall?

Any help is appreciated.  

Thanks in advance

Karl
___________________________________________
Karl Voss
SBE/NFL Frequency Coordinator
kvoss karlvoss com
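
Added example (not part of the original message, and not glibc's own code): a C program can set the RES_USEVC bit from the resolv.h listing above in its own resolver state at run time, through res_init() and the _res structure, so that glibc lookups made afterwards by that process go over TCP. The helper function names and the sample host name example.com are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* expose getaddrinfo() under strict -std modes */
#endif
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Initialise this process's resolver state if needed, then set RES_USEVC
 * ("use virtual circuit", i.e. TCP). Returns 0, or -1 if res_init() fails. */
int force_tcp_resolver(void)
{
    if (!(_res.options & RES_INIT) && res_init() != 0)
        return -1;
    _res.options |= RES_USEVC;
    return 0;
}

/* 1 if RES_USEVC is set in this process's resolver state, otherwise 0. */
int resolver_uses_tcp(void)
{
    return (_res.options & RES_USEVC) ? 1 : 0;
}

/* Resolve host through libc and write the first address, as text, to out.
 * Returns 0 on success or a getaddrinfo()/getnameinfo() error code. */
int lookup_first_address(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    int rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0) return rc;
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, outlen, NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "example.com"; /* sample name (assumption) */
    char addr[256];
    if (force_tcp_resolver() != 0) { fprintf(stderr, "res_init failed\n"); return 1; }
    int rc = lookup_first_address(host, addr, sizeof addr);
    if (rc != 0) { fprintf(stderr, "%s: %s\n", host, gai_strerror(rc)); return 1; }
    printf("RES_USEVC=%d  %s -> %s\n", resolver_uses_tcp(), host, addr);
    return 0;
}
```

The flag applies only to the process that sets it; a packet capture on port 53 while the program runs shows whether the queries leave over TCP.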



