Kevin, you're right that there's no option. But blocking UDP in the
firewall isn't going to fly; the recursor only falls back to TCP on
TC=1 (truncated) answers, not on UDP timeout or error.
In general it's a bad idea to force TCP, as it increases load on both
recursor and authoritative servers. B
I don't think there are any configuration options in the recursor to do this,
so you'll have to do it in a firewall system outside of the recursor. Blocking
all outbound traffic to UDP port 53 would take care of it.
On Fri, Feb 28, 2025, at 06:45, Carlos N via Pdns-users wrote:
> Hello all
>
>