Security Basics mailing list archives

Re: TCP DNS requests


From: "Martin Wasson" <martin_wasson () mastercard com>
Date: Wed, 30 Oct 2002 13:26:40 -0600


UDP is used for normal domain queries. TCP is used for zone transfers and
large queries.  Stopping it at the firewall (tcp/53) can be safe and will
definitely stop any zone transfers, but the occasional DNS query might not
work. It is better to use named.conf to control zone transfers.

M.W.


----- Original message -----
From:    "Carl R Diliberto" <cdiliberto@hotmail.com>
To:      "security-basics" <security-basics () securityfocus com>
cc:      (bcc: Martin Wasson/STL/MASTERCARD)
Subject: TCP DNS requests
Date:    10/30/02 07:46 AM

We are reporting TCP-based DNS requests to one of our DNS servers coming
from internal client IP addresses.  My manager would like to block the TCP
packets.  What or why would there be random TCP packets?  We monitored
several clients and it appears they only need UDP.

Thanks
Carl
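
The following is an added example, not code from either poster. It shows on the wire why a client that normally uses UDP will sometimes open tcp/53: a UDP reply that did not fit has the TC (truncated) bit set, and the resolver repeats the same question over TCP, where each message carries a 2-byte length prefix. It also shows how to tell a plain query that fell back to TCP apart from an AXFR/IXFR zone-transfer request by looking at the QTYPE. All packets are constructed inline (no captured traffic), and the UDP/TCP transports are stand-in callables so the script runs offline; the names and helpers are this example's own.

```python
"""Added example (not from the original mailing-list thread): why a UDP-only
client sometimes talks DNS over TCP, and how to spot a zone transfer.
Stand-alone: no network access, every packet below is constructed."""
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # response was truncated: client should retry over TCP
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available
QTYPE_A, QTYPE_IXFR, QTYPE_AXFR = 1, 251, 252
QCLASS_IN = 1


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid):
    """A minimal one-question query: 12-byte header + question section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def question(msg):
    """Return (qname, qtype) of the first question (no compression there)."""
    offset, labels = 12, []
    while msg[offset] != 0:
        length = msg[offset]
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    qtype = struct.unpack("!H", msg[offset + 1:offset + 3])[0]
    return ".".join(labels) + ".", qtype


def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream):
    length = struct.unpack("!H", stream[:2])[0]
    return stream[2:2 + length]


def query_with_tcp_fallback(query, send_udp, send_tcp):
    """RFC 1035 client behaviour: UDP first, TCP only if the reply has TC set.
    send_udp / send_tcp are transport callables so this runs offline."""
    reply = send_udp(query)
    hdr = parse_header(reply)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("transaction id mismatch")
    if hdr["tc"]:
        reply = unframe_from_tcp(send_tcp(frame_for_tcp(query)))
    return reply


def classify_tcp_query(msg):
    """What a tcp/53 hit in the firewall log actually is: a transfer request,
    or an ordinary query that fell back to TCP after a truncated UDP reply."""
    _, qtype = question(msg)
    return "zone transfer" if qtype in (QTYPE_AXFR, QTYPE_IXFR) else "ordinary query"


# --- constructed sample packets (not captured traffic) ---
SAMPLE_QUERY = build_query("example.com", QTYPE_A, 0x1234)
# truncated reply: QR|TC|RD|RA set, question echoed, no answer fitted
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA,
                               1, 0, 0, 0) + SAMPLE_QUERY[12:])
# full reply: one A record whose name is a compression pointer to offset 12
FULL_REPLY = (struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
              + SAMPLE_QUERY[12:]
              + struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 3600, 4)
              + bytes([192, 0, 2, 1]))
AXFR_QUERY = build_query("example.com", QTYPE_AXFR, 0x0007)


if __name__ == "__main__":
    reply = query_with_tcp_fallback(SAMPLE_QUERY,
                                    send_udp=lambda q: TRUNCATED_REPLY,
                                    send_tcp=lambda f: frame_for_tcp(FULL_REPLY))
    print("answers after TCP retry:", parse_header(reply)["ancount"])
    for pkt in (SAMPLE_QUERY, AXFR_QUERY):
        print(question(pkt), "->", classify_tcp_query(pkt))
```

The practical consequence is the one Martin gives: dropping tcp/53 at the firewall also drops the retry that an ordinary client makes after a truncated UDP reply, so some lookups (large answers, long CNAME chains, big TXT records) silently fail. Restricting who may pull a zone is a server-side setting (in BIND, the `allow-transfer` option in named.conf), which stops AXFR/IXFR without breaking the fallback.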
