Re: Pubstro rash
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 03/18/05
- Previous message: Nick FitzGerald: "RE: Pubstro rash"
- In reply to: Alexandre Skyrme: "RE: Pubstro rash"
- Next in thread: David Gillett: "RE: Pubstro rash"
- Reply: David Gillett: "RE: Pubstro rash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 17 Mar 2005 19:07:25 -0500 To: alexandre.skyrme@ciphersec.com.br
Alexandre Skyrme wrote:
> Greetings David,
>
> Just a thought about your third comment...
>
> As far as I'm concerned DNS just uses 53/TCP to do zone transfers. In case
> your workstations are on a different network than your DNS servers it should
> probably be safe to block incoming TCP connections to that network on such
> port.
>
> Tipically zone transfers would only be used by secondary servers to update
> their own zones from its primary server.
RFC1035 allows 512 bytes for a DNS response (53) but they may now be
longer, according to RFC2671 and others. If the DNS query fails or is
"truncated", the query may be repeated over TCP.
So, 53/tcp is NOT just for zone transfers.
Jeff
- Previous message: Nick FitzGerald: "RE: Pubstro rash"
- In reply to: Alexandre Skyrme: "RE: Pubstro rash"
- Next in thread: David Gillett: "RE: Pubstro rash"
- Reply: David Gillett: "RE: Pubstro rash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
