Firewall Wizards mailing list archives
Re: Does blocking TCP DNS packets keep your Bind safe?
From: "Tony Rall" <trall () almaden ibm com>
Date: Sat, 10 Mar 2001 20:43:25 -0800
Quite a bit of misinformation in this thread, as well as some good stuff.

There are cases where tcp is used for normal resolution requests. If you block it you will stop some degree of resolution from occurring.

Udp is not acceptable for zone transfers.

All valid dns udp messages are no greater than 512 bytes (and this is one of the reasons why resolvers and servers need to be able to use tcp). It doesn't matter what version of bind is being used - this is explicitly required by rfc1035.

Tony Rall
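The truncation behaviour described in the message above, as an added example that is not part of the original post: a server that cannot fit a response into 512 bytes sends a stub with the TC bit set, and the resolver gets the answers only if its TCP retry is allowed through. It assumes plain RFC 1035 behaviour without EDNS0; the function names, the `example.com` name and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

MAX_UDP = 512   # RFC 1035 size limit for a DNS message carried over UDP
TC = 0x0200     # header flag: message was truncated
QR = 0x8000     # header flag: message is a response
AXFR = 252      # QTYPE of a zone transfer request

def question(qname, qtype):
    """Encode one question section entry (class IN)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, 1)

def response(qname, n_answers, msg_id=0x1234):
    """Constructed response carrying n_answers A records for qname."""
    header = struct.pack("!HHHHHH", msg_id, QR, 1, n_answers, 0, 0)
    # Record: pointer to the name at offset 12, TYPE A, CLASS IN, TTL, RDLENGTH, address
    records = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                       + bytes([192, 0, 2, i % 256]) for i in range(n_answers))
    return header + question(qname, 1) + records

def over_udp(full):
    """What the server sends in a UDP datagram: the message, or a TC=1 stub."""
    if len(full) <= MAX_UDP:
        return full
    msg_id, flags, qdcount = struct.unpack("!HHH", full[:6])
    q_end = 12 + full[12:].index(b"\x00") + 5   # root label + QTYPE + QCLASS
    stub_header = struct.pack("!HHHHHH", msg_id, flags | TC, qdcount, 0, 0, 0)
    return stub_header + full[12:q_end]

def resolve(full, tcp_allowed):
    """Resolver view: number of answers received, or None if resolution fails."""
    reply = over_udp(full)
    flags, _, ancount = struct.unpack("!HHH", reply[2:8])
    if flags & TC:                  # truncated: the resolver retries over TCP
        if not tcp_allowed:
            return None             # the firewall dropped the TCP/53 retry
        ancount = struct.unpack("!H", full[6:8])[0]  # TCP carries the full message
    return ancount

def needs_tcp(qtype, full):
    """True when the exchange cannot complete over UDP alone."""
    return qtype == AXFR or len(full) > MAX_UDP
```
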