Security Basics mailing list archives
Re: TCP DNS requests
From: "Martin Wasson" <martin_wasson () mastercard com>
Date: Wed, 30 Oct 2002 13:26:40 -0600
UDP is used for normal domain queries. TCP is used for zone transfers and large queries. Stopping it at the firewall (tcp/53) can be safe and will definitely stop any zone transfers, but the occasional DNS query might not work. It is better to use named.conf to control zone transfers.

M.W.

"Carl R Diliberto" <cdiliberto@hotmail.com>
To: "security-basics" <security-basics () securityfocus com>
cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: TCP DNS requests
10/30/02 07:46 AM

We are reporting TCP based DNS requests to one of our DNS servers coming from internal, client IP addresses. My manager would like to block the TCP packets. What or why would there be random TCP packets? We monitored several clients and it appears it only needs UDP.

Thanks
Carl
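An added illustration, not part of the original posts: before blocking tcp/53, captured traffic can be sorted into the two cases the reply names. The Python sketch below checks a UDP reply for the truncation (TC) bit, which makes a resolver retry over TCP, and classifies a DNS-over-TCP message as a zone transfer request (AXFR/IXFR) or an ordinary query. The function names and sample messages are constructed for this example.

```python
import struct

QR, TC = 0x8000, 0x0200      # header flag bits: response, truncated (RFC 1035)
XFR_TYPES = {251, 252}       # IXFR and AXFR query types (zone transfers)

def build_message(flags, qname, qtype, tcp=False):
    """Build a one-question DNS message; used only to construct sample data."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg if tcp else msg

def parse_question(msg):
    """Return (flags, qname, qtype) from the header and first question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):   # pointer or overlong label
            raise ValueError("bad label in question name")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(msg):                     # root label + qtype + qclass
        raise ValueError("question section cut short")
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return flags, ".".join(labels), qtype

def udp_reply_forces_tcp(msg):
    """True when a UDP reply has TC set, so the client will retry over TCP."""
    flags = parse_question(msg)[0]
    return bool(flags & QR) and bool(flags & TC)

def classify_tcp_message(framed):
    """Classify one DNS-over-TCP message (2-byte length prefix, then message)."""
    length = int.from_bytes(framed[:2], "big")
    if len(framed) < 2 or len(framed) - 2 < length:
        raise ValueError("incomplete DNS-over-TCP message")
    flags, qname, qtype = parse_question(framed[2:2 + length])
    if flags & QR:
        return "response", qname
    return ("zone-transfer" if qtype in XFR_TYPES else "ordinary-query"), qname

# Constructed samples: a truncated UDP reply, its TCP retry, and an AXFR request.
TRUNCATED_UDP = build_message(QR | TC | 0x0100, "www.example.com", 1)
TCP_RETRY = build_message(0x0100, "www.example.com", 1, tcp=True)
TCP_AXFR = build_message(0x0000, "example.com", 252, tcp=True)
```

Client TCP traffic that classifies as `ordinary-query` is the kind a tcp/53 block would break; `zone-transfer` requests are the ones named.conf is meant to control.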
Current thread:
- TCP DNS requests Carl R Diliberto (Oct 30)
- Re: TCP DNS requests Douglas K. Fischer (Oct 31)
- RE: TCP DNS requests Daniel Miessler (Oct 31)
- RE: TCP DNS requests Larry R. (Oct 31)
- <Possible follow-ups>
- Re: TCP DNS requests Martin Wasson (Oct 31)
- RE: TCP DNS requests Raghu Chinthoju (Oct 31)
- RE: TCP DNS requests Meidling, Keith, CTR, OSD-C3I (Oct 31)
- RE: TCP DNS requests Mike Powell (Oct 31)