Avi Load Balancer supports DNS queries over both UDP and TCP protocols. DNS-over-TCP implementation requirements are described in RFC 7766.
One DNS Query per TCP Connection
Avi Load Balancer processes only one DNS query per TCP connection. It does not support DNS query pipelining as described in the RFC 7766. If multiple DNS queries are sent over the same TCP connection, Avi Load Balancer will generate the response only for the first DNS query and ignore the remaining queries. If the DNS queries were meant for pass through to upstream DNS servers, then only the first DNS query in the TCP connection is passed to the upstream server, and the remaining queries are ignored.
Avi Load Balancer initiated TCP Connection Close
When Avi Load Balancer responds to a DNS query in a TCP connection, it generates a FIN towards the client to close the TCP connection. This is done to release memory resources immediately rather than wait for the client to timeout waiting on the responses for the multiple potential queries it sent.
If the multiple queries were passthrough to the upstream DNS server, then the TCP connection between the client and Avi Load Balancer follows the regular connection close process.
Avi Load Balancer supports closing of TCP connection proactively in case of DNS pass-through using the
close_tcp_connection_post_response
knob.For more information on enabling the
close_tcp_connection_post_response
knob, see Closing TCP Connection Post Response Proactively for DNS Pass-through.
Other than DNS query pipelining, DNS queries over TCP get the same treatment as DNS over UDP as far as DNS behavior is concerned. Note that by using TCP, DNS over TCP is not limited to 512 bytes size, as is the case for DNS over UDP.