Vulnerability Development mailing list archives

Re: DNS zone transfer

From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Mon, 10 Jun 2002 10:59:22 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 07:02 AM 6/10/2002, Ed Schmollinger wrote:

      They can't filter port 53/tcp if the are authoritative for any

domains.

Support for TCP queries is not optional.


No, they can't filter port 53/tcp if they expect zone transfers or large
responses to work.


Or any DNS query from an Exchange2000 box- IIRC, Ex2k uses TCP 53 for *all* 
DNS queries regardless of size.

AD



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPQTo+ohsmyD15h5gEQLQygCfRSX+PaIdm8tDA9oq3XGiyLnJUA4AoKdk
k2GOwN7DPJFT/UPSXxIFd2O3
=gmSj
-----END PGP SIGNATURE-----

Current thread:

DNS zone transfer Vlad (Jun 08)
- Re: DNS zone transfer Short_Circut (Jun 08)
  - RE: DNS zone transfer Vlad (Jun 09)
    - RE: DNS zone transfer Maximiliano Perez (Jun 09)
    - RE: DNS zone transfer David Schwartz (Jun 09)
    - Re: DNS zone transfer Ed Schmollinger (Jun 10)
    - RE: DNS zone transfer Maximiliano Perez (Jun 10)
    - Re: DNS zone transfer Deus, Attonbitus (Jun 10)
    - Re: DNS zone transfer Frank Knobbe (Jun 11)
    - RE: DNS zone transfer Brad Bemis (Jun 09)
    - Re: DNS zone transfer Olaf Kirch (Jun 10)
    - RE: DNS zone transfer Terry Grace (Jun 10)
  - RE: DNS zone transfer Maximiliano Perez (Jun 09)
- Re: DNS zone transfer Ralf Vitasek (Jun 09)
  - Re: DNS zone transfer Edwin Groothuis (Jun 10)
    - Re: DNS zone transfer Jefferson Ogata (Jun 11)
- RE: DNS zone transfer deepblue (Jun 10)
- RE: DNS zone transfer David LaPorte (Jun 16)

(Thread continues...)