Is it true that a nameserver has to answer queries over TCP?

Solution 1:

The diagnostic text from Pingdom is exactly correct. TCP is not just for zone transfers.

DNS server implementations are now "required" (insomuch as any RFC requires anything) to support TCP, per RFC 5966, "DNS Transport over TCP - Implementation Requirements".

Note that this is a requirement on the server software implementation; it does not strictly apply to the operation of any server - operational practice is not covered.

That said, if your particular DNS servers are not configured to support TCP, or if it is blocked, then the longer-term effect will be an inability to support DNSSEC correctly. Similarly, any other DNS data which causes responses to exceed 512 bytes might be blocked.

ob disclaimer: I wrote that RFC.

EDIT: RFC 5966 has now been replaced by RFC 7766.

Solution 2:

It should support TCP and UDP - TCP is for response sizes >512 bytes (which would include zone transfers) (according to stuff I've read, anyway. I usually enable TCP and UDP for the NS's I run...)
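A way to check a nameserver for the behaviour both answers describe, as an added example that is not part of either answer: it sends the same plain query (no EDNS0, so UDP answers are limited to 512 bytes) over UDP and TCP, reports whether the UDP answer came back with the truncation (TC) flag set, and whether TCP answered at all. The function names, the fixed query ID and the IPv4-only UDP socket are assumptions of this sketch.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qtype=1):
    """Plain DNS query (no EDNS0): RD flag set, one question, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split(".") if p)
    return (struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))

def frame_tcp(msg):
    """Over TCP every DNS message is preceded by a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg):
    """Pull out the header fields that matter for the truncation check."""
    qid, flags = struct.unpack("!HH", msg[:4])
    return {"id": qid, "qr": bool(flags & 0x8000),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F}

def read_tcp_message(sock):
    """Read one length-prefixed DNS message; TCP may deliver it in pieces."""
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed mid-message")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", exact(2))
    return exact(length)

def check_tcp_support(server, name, qtype=1, port=53, timeout=3.0):
    """Query over UDP and TCP; report UDP truncation and whether TCP answered."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:  # IPv4 assumed
        u.settimeout(timeout)
        u.sendto(query, (server, port))
        udp = parse_header(u.recvfrom(4096)[0])
    try:
        with socket.create_connection((server, port), timeout=timeout) as t:
            t.sendall(frame_tcp(query))
            tcp = parse_header(read_tcp_message(t))
        tcp_ok = tcp["qr"] and tcp["id"] == QID
    except (OSError, struct.error):  # refused, filtered, timed out, short reply
        tcp_ok = False
    return {"udp_truncated": udp["tc"], "tcp_ok": tcp_ok}
```

A result with `udp_truncated` true and `tcp_ok` false is the failure case: the server signals that the answer did not fit in UDP, but the retry over TCP cannot complete.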