Re: Firewall question

From: Wayne McGlinn (wmcglinn@optushome.com.au)
Date: 03/15/03

• Next message: Wayne McGlinn: "Re: Checkpoint Log analyser!"
• Previous message: MadZookeeper: "Re: dirtbag is trying to attack me"
• In reply to:(deleted message) Jesper Skriver: "Re: Firewall question"
• Next in thread: Lars M. Hansen: "Re: Firewall question"
• Reply: Lars M. Hansen: "Re: Firewall question"
• Reply:(deleted message) Jesper Skriver: "Re: Firewall question"
• Reply: PES: "Re: Firewall question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Wayne McGlinn" <wmcglinn@optushome.com.au>
Date: Sun, 16 Mar 2003 00:43:36 +1000

References please ?? Not Cisco, but RFC's if possible :) As I quoted
previously from STD13:

"4.2.1. UDP usage

Messages sent using UDP user server port 53 (decimal).

Messages carried by UDP are restricted to 512 bytes (not counting the IP
or UDP headers). Longer messages are truncated and the TC bit is set in
the header.

UDP is not acceptable for zone transfers, but is the recommended method
for standard queries in the Internet. Queries sent using UDP may be
lost, and hence a retransmission strategy is required. Queries or their
responses may be reordered by the network, or by processing in name
servers, so resolvers should not depend on them being returned in order."

Wayne

"Jesper Skriver" <harvest@wheel.dk> wrote in message
news:slrnb76ehs.16vh.harvest@freesbee.wheel.dk...
> On Sat, 15 Mar 2003 14:26:57 -0000, Chris wrote:
>
> > I agree. TCP 53 is only used for zone transfers between DNS servers,
> > not DNS lookups.
>
> Not correct, lookup's will fallback to TCP if the reply cannot fit a
> single UDP packet.
>
> > Besides, the mail server in question will only need to query MX
> > records when sending out mail if not using a smart host. UDP 53 is all
> > it needs.
>
> See above.
>
> --
> Jesper Skriver, CCIE #5456
> FreeBSD committer

---

• Next message: Wayne McGlinn: "Re: Checkpoint Log analyser!"
• Previous message: MadZookeeper: "Re: dirtbag is trying to attack me"
• In reply to:(deleted message) Jesper Skriver: "Re: Firewall question"
• Next in thread: Lars M. Hansen: "Re: Firewall question"
• Reply: Lars M. Hansen: "Re: Firewall question"
• Reply:(deleted message) Jesper Skriver: "Re: Firewall question"
• Reply: PES: "Re: Firewall question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: IP addresses and VPN ... UDP on all machines in the network or just the servers at each end of the VPN ... > Browser receives server announcements from another computer, ... > Microsoft CSS Online Newsgroup Support ... > This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: mount.nfs internal error ... Whenever I try to mount from a server on my LAN, ... Adding a -o udp to the mount still fails ... Linux does not yet support nfs over IPv6, although rpcbind does support IPv6 queries.) ... 100000 4 tcp 111 portmapper ... (comp.os.linux.networking) Re: NETDIAG problem - SPN queries ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... There is no primary WINS server defined for this adapter. ... Description: RSVP UDP Service Provider ... (microsoft.public.win2000.dns) Re: ntfs problem ... > mount to NFS server '192.168.1.56' failed: ... portmapper, the NFS server not having registered itself with portmapper, or ... 100000 2 udp 111 portmapper ... (Fedora) Re: nfs client does not find nfs server ... I can find the server now using YAST after deactivating the firewalls ... mount server reported tcp not available, falling back to udp ... 100003 2 udp 2049 nfs ... (comp.os.linux.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2003-03