Security Basics mailing list archives

Re: TCP DNS requests


From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Wed, 30 Oct 2002 15:54:36 -0500

At 08:46 AM 10/30/2002, Carl R Diliberto wrote:
We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses.  My manager would like to block the TCP
packets.  What or why would there be random TCP packets?  We monitored
several clients and it appears it only needs UDP.

DNS will use TCP if the response is > 512 bytes. It is perfectly valid for an internal client system to receive a TCP DNS response in such a case.

Doug
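
The following is an added example, not part of the original message. It models the 512-byte behaviour described in the reply: a server truncates an oversized UDP response and sets the TC flag, and the client must then retry over TCP, which is why blocking TCP port 53 breaks large answers. It assumes classic DNS without EDNS0; all function names and the sample records are constructed for illustration.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message size limit (RFC 1035, no EDNS0)
TC_BIT = 0x0200   # "truncated" flag in the 16-bit header flags word
QR_BIT = 0x8000   # set on responses

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_response(txid, name, n_answers):
    """Constructed sample: a response carrying n_answers A records for name."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, QR_BIT | 0x0180, 1, n_answers, 0, 0)
    # Each answer: compression pointer to the name at offset 12, A/IN, TTL, 4-byte address
    answers = b"".join(
        struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 192, 0, 2, i % 256)
        for i in range(n_answers))
    return header + question + answers, len(question)

def udp_view(message, question_len):
    """What the server sends over UDP. Assumption: an oversized message is cut
    down to header + question with TC set (real servers may keep some records)."""
    if len(message) <= UDP_LIMIT:
        return message
    txid, flags, qd = struct.unpack("!HHH", message[:6])
    header = struct.pack("!HHHHHH", txid, flags | TC_BIT, qd, 0, 0, 0)
    return header + message[12:12 + question_len]

def needs_tcp_retry(udp_payload):
    """Client side: a response with TC set has to be re-queried over TCP."""
    flags = struct.unpack("!H", udp_payload[2:4])[0]
    return bool(flags & QR_BIT) and bool(flags & TC_BIT)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

if __name__ == "__main__":
    for n in (2, 40):
        msg, qlen = build_response(0x1234, "www.example.com", n)
        udp = udp_view(msg, qlen)
        print(n, "answers:", len(msg), "bytes; TCP retry needed:", needs_tcp_retry(udp))
```
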

