RE: TCP DNS requests

[Raghu Chinthoju <chraghu () hyd wilco-int com>]

TCP/DNS(53) is used for zone transfer. To be simple, TCP/DNS(53) is used
between the name servers to exchange/update there name databases where as
UDP/DNS(53) is used for querying. 

I see two possibilities for having generated TCP based DNS requests in your
network.
1. You must have another DNS server in that network trying to do zone
transfer with your server
2. Some one is explicitly requesting your name server for zone information.
This could be done by in many ways. For example, "ls" command of nslookup
does it.

Cheers,
Raghu.

Wilco International Systems
Hyderabad.


-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto () hotmail com] 
Sent: Wednesday, October 30, 2002 7:16 PM
To: security-basics
Subject: TCP DNS requests

We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses.  My manager would like to block the TCP
packets.  What or why would their be random TCP packets?  We monitored
several clients and it appears it only needs UDP.

Thanks
Carl


This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify 
postmaster () wilco-int com immediately. You should not copy it or use it for any purpose, nor disclose its contents to 
any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the 
views and opinions of Wilco.