Re: DNS zone transfer
From: Frank Knobbe (fknobbe@knobbeits.com)
Date: 06/11/02
- Previous message: Mauricio Freitas: "Belkin GCable/DSL router problem with http requests"
- In reply to: Ed Schmollinger: "Re: DNS zone transfer"
- Next in thread: Brad Bemis: "RE: DNS zone transfer"
From: Frank Knobbe <fknobbe@knobbeits.com>
To: Ed Schmollinger <schmolli@frozencrow.org>
Date: 10 Jun 2002 21:24:27 -0500
On Mon, 2002-06-10 at 09:02, Ed Schmollinger wrote:
> No, they can't filter port 53/tcp if they expect zone transfers or large
> responses to work. Being authoritative is independent of the query
> mechanism. RFC compliance requires that TCP support be present, but for
> most setups, it can be safely disabled (via FW rules or whatever) for
> non-secondaries. The security (conscious|zealots) like to disable TCP
> because it's harder to get an interactive shell on a machine if you can
> only talk to it through UDP.
I don't want to drift further off-topic, but appending -u to netcat
isn't that much harder...
Regards,
Frank