Can I force a Windows Server 2008 DNS Conditional Forwarder to use TCP Only?

windows-server-2008 domain-name-system

There is no way to turn UDP off in Microsoft DNS Server (check dnscmd documentation).

This restriction on UDP packets seems unreasonable and sure their firewall is flexible enough to accept an exception that your servers are allowed to send requests through UDP port 53.

Whenever the RFC says "SHOULD", you'd better follow what it says to avoid running into unspecified/unpredictable behavior. The correct way is to only use TCP after a UDP with a truncated response has been received.

RFC 1035 (regarding preferred method):

UDP is not acceptable for zone transfers, but is the recommended method for standard queries in the Internet.

RFC 2181 (regarding UDP truncated resposes):

Where TC is set, the partial RRSet that would not completely fit may be left in the response. When a DNS client receives a reply with TC set, it should ignore that response, and query again, using a mechanism, such as a TCP connection, that will permit larger replies.

They'd better have a very good reason for not allowing UDP 53 (extremely unlikely).

Related

every minute - possible SYN flooding on port 80
How to reload environment variables file in a running Docker container
Will a SSD storage perform like a magnetic for small root volumes in AWS EC2?
Virtualising a VERY legacy app
Load Balancing RDS (in AWS)
How to correctly configure DNS usage in Ubuntu? Authoritative answers without RA flag are ignored
What is the best method to change the server used for folder redirection?
How to log ssh client connection/command?
Remote automated provisioning to a XenServer Hypervisor
How to grep a continuous stream, with paging
Outlook/BITS client can't download the OAB, returns HTTP 401
How to setup FreeNAS as a Windows Cluster storage target?