Security Basics mailing list archives
RE: TCP DNS requests
From: "Mike Powell" <mpowell () mijk dnsalias com>
Date: Wed, 30 Oct 2002 22:56:44 -0000
Carl,

I believe that DNS lookups use UDP because the request and response can each fit into one packet. If a DNS request is for some reason larger than 512 bytes, which is the maximum size for a UDP packet (RFC 1035 [6]), then the client will use TCP instead. Closing this port to internal clients could therefore prevent some DNS lookups. Why some lookups would be larger, I guess, would depend on the length of the domain name contained in the packet(s)?

Mike Powell
Barry College Wales
mpowell () barry ac uk

-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto () hotmail com]
Sent: 30 October 2002 13:46
To: security-basics
Subject: TCP DNS requests

We are reporting TCP based DNS requests to one of our DNS servers coming from internal, client IP addresses. My manager would like to block the TCP packets. What or why would there be random TCP packets? We monitored several clients and it appears it only needs UDP.

Thanks
Carl
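The UDP-first, TCP-on-truncation behaviour that Mike describes is what a resolver does when the server sets the TC (truncated) bit in a UDP reply that would not fit in 512 bytes (RFC 1035 section 4.2.1), and over TCP each message carries a 2-byte length prefix (RFC 1035 section 4.2.2). The following Python is an added illustration written for this archive page, not code from either poster: it builds a query, parses the header flags, decides whether a TCP retry is needed, and frames/unframes messages for TCP. The transaction ID, the name example.com and the sample replies are all constructed here; the 512-byte limit applies to classic DNS without the EDNS0 extension (RFC 6891), which can advertise larger UDP payloads.

```python
import struct

DNS_UDP_MAX = 512  # RFC 1035 4.2.1: UDP payload limit without EDNS0


def build_query(txid, name, qtype=1, qclass=1):
    """Build a minimal DNS query (12-byte header + one question) as raw bytes."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_header(msg):
    """Return the header fields of a DNS message as a dict."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,   # 1 = response
        "tc": (flags >> 9) & 1,    # 1 = truncated, retry over TCP
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response, expected_id):
    """A resolver retries over TCP when the UDP answer is marked truncated (TC=1)."""
    h = parse_header(udp_response)
    if h["id"] != expected_id:
        raise ValueError("transaction ID mismatch")
    return h["tc"] == 1


def frame_for_tcp(msg):
    """RFC 1035 4.2.2: over TCP every message is prefixed with a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for the 16-bit TCP length prefix")
    return struct.pack("!H", len(msg)) + msg


def split_tcp_stream(data):
    """Split a TCP byte stream into complete DNS messages using the length prefixes."""
    msgs, i = [], 0
    while i + 2 <= len(data):
        (n,) = struct.unpack("!H", data[i:i + 2])
        if i + 2 + n > len(data):
            break  # partial message: wait for more bytes from the socket
        msgs.append(data[i + 2:i + 2 + n])
        i += 2 + n
    return msgs


def build_sample_replies(query):
    """Constructed sample replies (not captured traffic): the truncated UDP reply a
    server sends when the full answer exceeds 512 bytes, and the full answer framed
    as it would arrive on a TCP stream."""
    txid = parse_header(query)["id"]
    question = query[12:]
    # 40 A records, 16 bytes each: name pointer 0xC00C, type, class, TTL, RDLENGTH, RDATA
    answers = b"".join(
        struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 192, 0, 2, i) for i in range(1, 41)
    )
    full = struct.pack("!HHHHHH", txid, 0x8180, 1, 40, 0, 0) + question + answers
    # Flags 0x8380 = QR|TC|RD|RA: only the question is echoed, nothing else fits.
    truncated = struct.pack("!HHHHHH", txid, 0x8380, 1, 0, 0, 0) + question
    return truncated, frame_for_tcp(full)


def simulate_lookup(query, udp_reply, tcp_stream):
    """Walk through UDP first, then TCP on truncation; report which transport answered."""
    txid = parse_header(query)["id"]
    if not needs_tcp_retry(udp_reply, txid):
        return "udp", udp_reply
    # Retry: the same query is re-sent with the TCP length prefix, and the
    # answer is read back from the stream in the same framing.
    wire = frame_for_tcp(query)
    answer = split_tcp_stream(tcp_stream)[0]
    return "tcp", answer


def demo(name="example.com"):
    """Run the scenario end to end; returns (transport, udp_len, answer_len, ancount)."""
    query = build_query(0x1234, name)  # constructed transaction ID
    udp_reply, tcp_stream = build_sample_replies(query)
    transport, answer = simulate_lookup(query, udp_reply, tcp_stream)
    return transport, len(udp_reply), len(answer), parse_header(answer)["ancount"]


if __name__ == "__main__":
    print(demo())
```

In the constructed case the full answer is 669 bytes, so the UDP reply comes back as a 29-byte truncated message and the client only gets its 40 records after the TCP retry; a firewall rule dropping TCP/53 from internal clients would leave that lookup failing, which is why TCP/53 from clients to a resolver is expected rather than anomalous traffic.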
Current thread:
- TCP DNS requests Carl R Diliberto (Oct 30)
- Re: TCP DNS requests Douglas K. Fischer (Oct 31)
- RE: TCP DNS requests Daniel Miessler (Oct 31)
- RE: TCP DNS requests Larry R. (Oct 31)
- <Possible follow-ups>
- Re: TCP DNS requests Martin Wasson (Oct 31)
- RE: TCP DNS requests Raghu Chinthoju (Oct 31)
- RE: TCP DNS requests Meidling, Keith, CTR, OSD-C3I (Oct 31)
- RE: TCP DNS requests Mike Powell (Oct 31)