nanog mailing list archives
using TCP53 for DNS
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Tue, 26 Apr 2005 12:39:09 -0400
In the thread about ns*.worldnic.com, many people were complaining about DNS responses/queries on TCP port 53.
At least one DoS mitigation box uses TCP53 to "protect" name servers. Personally I thought this was a pretty slick trick, but it appears to have caused a lot of problems. From the thread (certainly not a scientific sampling), many people seem to be filtering port 53 TCP to their name servers.
Is this common? Does anyone have stats on this (roots, GTLDs, other big name server farms)? Perhaps people could send what they do personally and I can summarize for this list. (Again, not a scientific sampling method, but better than trying to read into what people imply in a long, and probably not-well-read thread.)
-- TTFN, patrickP.S. Sorry to post operational content, I know how everyone hates that. =)
Current thread:
- using TCP53 for DNS Patrick W. Gilmore (Apr 26)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Patrick W. Gilmore (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Nils Ketelsen (Apr 28)