Security Basics mailing list archives
Re: Can't Resolve from behind firewall
From: Jason Kohles <jkohles () redhat com>
Date: 18 Oct 2002 13:51:56 -0400
On Fri, 2002-10-18 at 08:41, Dickon Newman wrote:
> Remember that DNS is a UDP port, not a TCP port. I'm not sure about how you've set up your firewall, or if it even makes the distinction between the two (I would hope that it would!).

This myth is the cause of most of the DNS problems I've had to fix in the past. DNS is BOTH tcp and udp; responses that are too large for a single udp packet may be sent by tcp. A related (but still false) commonly held belief is that udp is used for queries and tcp for zone transfers. This frequently happens, but only because zone transfers are larger than queries; it isn't designed to happen that way.

--
Jason Kohles
jkohles () redhat com
Senior Engineer
Red Hat Professional Consulting
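The fallback described in the message above, as an added example that is not part of the original post: a client reads the TC (truncated) bit in a UDP response and, if it is set, repeats the query over TCP with a 2-byte length prefix. The function names and the sample messages are constructed for illustration, and it is assumed the firewall either passes or drops TCP port 53.

```python
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word
QR_BIT = 0x8000  # set on responses, clear on queries

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when a response carries the TC bit, i.e. it did not fit in UDP."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR_BIT:
        raise ValueError("not a response (QR bit clear)")
    return bool(flags & TC_BIT)

def frame_for_tcp(message):
    """Over TCP each DNS message is prefixed with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def next_step(udp_response, tcp_53_allowed):
    """What the client does next, given the firewall's handling of TCP/53."""
    if not is_truncated(udp_response):
        return "answer-from-udp"
    return "retry-over-tcp" if tcp_53_allowed else "resolution-fails"

def constructed_response(query, truncated):
    """Constructed sample: echo the query with response flags (QR, RD, RA)."""
    flags = 0x8180 | (TC_BIT if truncated else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.com")
    for truncated in (False, True):
        for tcp_ok in (True, False):
            r = constructed_response(q, truncated)
            print(f"TC={truncated!s:5} tcp/53 allowed={tcp_ok!s:5} -> {next_step(r, tcp_ok)}")
```

With UDP-only rules, small answers keep resolving and only the oversized ones fail, which is why the problem tends to look intermittent.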