Re: Pubstro rash
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 03/18/05
- Previous message: Ben Blakely: "Netscreen 5XT SSH Traffic"
- In reply to: Joshua Berry: "RE: Pubstro rash"
- Next in thread: Valdis.Kletnieks_at_vt.edu: "Re: Pubstro rash"
Date: Fri, 18 Mar 2005 10:59:42 -0500
To: Joshua Berry <jberry@PENSON.COM>
Joshua Berry wrote:
> I have never had a DNS query that had a response that was over 512
> bytes. For that reason I disable all inbound DNS over 53/tcp. I have
> been using this configuration for years and even run my own DNS servers
> and have seen absolutely no problems.
If you aren't authoritative over a zone that requires large response
records, you'll never receive one. But you may very well send some
queries out yourself (you allow 53/tcp outbound statefully?)
But in more general terms:
http://www.maradns.org/dnstcp_security.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263
http://support.microsoft.com/kb/832223
http://www.certcities.com/editorial/columns/print.asp?EditorialsID=144
https://lists.netfilter.org/pipermail/netfilter/2002-January/029765.html
http://www.faqs.org/rfcs/rfc3226.html
(Among others).
Jeff
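
Added example, not part of the original message: a sketch of the DNS header check behind the 512-byte discussion above, showing how a UDP reply that does not fit is sent with the TC (truncated) bit set and why the client then re-asks over 53/tcp. The packets, the name example.test and all function names are constructed for illustration, and the truncation behaviour is simplified to header plus question only.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit (RFC 1035, no EDNS0)
TC_BIT = 0x0200   # "truncated" flag in the DNS header
QR_AA = 0x8400    # response + authoritative-answer flags

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_udp_response(txid, name, txt_strings):
    """Constructed server side: answer a TXT query, truncating above 512 bytes.
    Simplification: a truncated reply carries only the header and question."""
    question = encode_name(name) + struct.pack("!HH", 16, 1)  # TYPE=TXT, CLASS=IN
    answers = b""
    for txt in txt_strings:
        rdata = bytes([len(txt)]) + txt
        # 0xc00c is a compression pointer back to the name in the question
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    full = struct.pack("!6H", txid, QR_AA, 1, len(txt_strings), 0, 0) + question + answers
    if len(full) <= UDP_LIMIT:
        return full
    return struct.pack("!6H", txid, QR_AA | TC_BIT, 1, 0, 0, 0) + question

def parse_header(packet):
    """Decode the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & TC_BIT),
            "rcode": flags & 0x000F, "ancount": an}

def needs_tcp_retry(packet, expected_txid):
    """Client side: True when the UDP reply is truncated and must be re-asked over 53/tcp."""
    hdr = parse_header(packet)
    if hdr["id"] != expected_txid or not hdr["qr"]:
        raise ValueError("not a response to our query")
    return hdr["tc"]

if __name__ == "__main__":
    for count in (2, 6):  # constructed sample data: 100-byte TXT strings
        reply = build_udp_response(0x1234, "example.test", [b"a" * 100] * count)
        print(count, "records ->", len(reply), "bytes, TCP retry:",
              needs_tcp_retry(reply, 0x1234))
```

If a firewall drops the follow-up query on 53/tcp, lookups for the large record set fail while small lookups keep working.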