Vulnerability Development mailing list archives

RE: DNS zone transfer


From: David Schwartz <davids () webmaster com>
Date: Sun, 9 Jun 2002 17:22:01 -0700


On Sun, 9 Jun 2002 20:49:37 -0300, Maximiliano Perez wrote:

> We all know that TCP filtering is a very common practice.

         A DNS server that is authoritative for a zone must not filter TCP. The
relevant standards do not specify any preference for UDP over TCP. A client
could legitimately issue all its DNS queries using TCP. Claiming that you
will provide DNS service for a zone and then failing to provide that service
due to filtering is the network equivalent of fraud.

        If you have any standards that contradict this, cite them.

        DS
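
A way to check the condition the message above describes, as an added example that is not part of the original post: send the same SOA query to a name server over UDP and over TCP and flag the case where only UDP is answered. The function names, the query ID and the default timeout are assumptions made for this illustration.

```python
import socket
import struct

def build_query(name, qtype=6, qid=0x1234):
    """Build a minimal DNS query (QTYPE 6 = SOA, class IN, RD bit clear)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (id, is_response, authoritative, truncated, rcode, ancount)."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return (qid, bool(flags & 0x8000), bool(flags & 0x0400),
            bool(flags & 0x0200), flags & 0x000F, an)

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message")
        buf += chunk
    return buf

def query(server, name, transport, port=53, timeout=3.0):
    """Send one SOA query over 'udp' or 'tcp'; return the parsed header or None."""
    msg = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(msg, (server, port))
                resp, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(tcp_frame(msg))
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                resp = _recv_exact(s, length)
        return parse_header(resp)
    except (OSError, struct.error):
        return None  # filtered, refused, timed out, or malformed reply

def tcp_filtered(server, name, port=53):
    """True when the server answers the query over UDP but not over TCP."""
    return (query(server, name, "udp", port) is not None
            and query(server, name, "tcp", port) is None)
```

Run `tcp_filtered()` against each name server listed for a zone you operate; a `True` result means that server answers UDP queries while TCP queries to it fail.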


