[Courses] [Security] Firewall theory -- DNS
Raven, corporate courtesan
raven at oneeyedcrow.net
Wed Mar 13 18:08:17 EST 2002
Heya --
Quoth coldfire (Wed, Mar 13, 2002 at 02:08:22PM -0500):
> to be *really* persnickety :) .. DNS has the capability to operate over
> tcp and udp ... however, for the typical lookups most hosts use, it only
> utilizes udp. tcp is usually used for things like zone transfers, etc.
> (over port 53, tcp).
Right. TCP 53's for really large replies as well as zone
transfers. Usually you're safe firewalling that off unless you're
deliberately allowing zone transfers from your server; the really large
replies are rare and often nefarious.
Cheers,
Raven-in-a-hurry
"Sed, sed, awk. Like duck, duck, goose. Sync, sync, halt. It's the
order of nature."
-- me, after too long a day at work
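
The two kinds of traffic the message above says use TCP port 53 (zone transfers and replies too large for UDP), as an added example that is not part of the original post: a small parser that reads the DNS header and first question and reports which messages lead to TCP 53 use. The function names and the sample messages are constructed for illustration.

```python
import struct

QTYPE_AXFR = 252   # zone transfer request
FLAG_QR = 0x8000   # set on responses
FLAG_TC = 0x0200   # set when a UDP reply was truncated

def build_message(qname, qtype, flags, msg_id=0x1234):
    """Build a one-question DNS message (used for constructed samples)."""
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (flags, qname, qtype) from the header and first question."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers are not expected in a question
            raise ValueError("invalid label length")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return flags, ".".join(labels), qtype

def tcp53_reason(msg):
    """Say why this message leads to TCP 53 traffic, or None if it does not."""
    flags, qname, qtype = parse_question(msg)
    if not flags & FLAG_QR and qtype == QTYPE_AXFR:
        return "zone transfer request for " + qname
    if flags & FLAG_QR and flags & FLAG_TC:
        return "truncated reply for " + qname + ", client retries over TCP"
    return None

if __name__ == "__main__":
    # Constructed samples: ordinary lookup, AXFR request, truncated UDP reply.
    for m in (build_message("example.com", 1, 0x0100),
              build_message("example.com", QTYPE_AXFR, 0x0000),
              build_message("example.com", 1, FLAG_QR | FLAG_TC)):
        print(tcp53_reason(m))
```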