Blocking TCP
Michael Kjorling
michael at kjorling.com
Wed Nov 7 16:10:44 UTC 2001
I just about said for the archives perhaps, but no one searches those
anyway it seems...
But seriously, I seem to recall an incident (don't remember where)
when someone wanted to protect a DNS server by preventing UDP queries.
It was only supposed to do zone transfers to slaves - a hidden master
of some sort. (Dunno what the point would be with a hidden master to
which no one can make UDP queries for SOA RRs, but...)
Michael Kjörling
On Nov 7 2001 16:06 -0000, Barry Margolin wrote:
> In article <9sa3oi$1td at pub3.rc.vix.com>, Danny Mayer <mayer at gis.net> wrote:
> >In addition, TCP is just for the zone transfer itself. A slave also needs to do
> >a regular UDP query for the SOA record to see if the serial number has changed.
> >If it can't do that it won't attempt a zone transfer.
>
> Since no one has suggested blocking UDP, what does this have to do with the
> discussion?
--
Michael Kjörling -- Programmer/Network administrator ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
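
The refresh check described in the quoted text above, as an added example that is not part of the original message: the slave's UDP SOA query, the serial comparison, and what happens when a filter drops the UDP reply. The function names, the zone name and the sample response are constructed for illustration, and the "no answer means no transfer" rule models the behaviour stated in the thread.

```python
import struct

def build_soa_query(zone, txid):
    """Wire-format query a slave sends over UDP: QTYPE=SOA (6), QCLASS=IN (1)."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def skip_name(msg, off):
    """Return the offset just past a domain name, plain or compressed."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def soa_serial(msg):
    """Extract SERIAL from the first answer RR of an SOA response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if an < 1 or flags & 0x000F:         # no answer, or non-zero RCODE
        raise ValueError("no usable answer")
    off = 12
    for _ in range(qd):                  # skip question: name + type + class
        off = skip_name(msg, off) + 4
    off = skip_name(msg, off)            # owner name of the answer RR
    rtype, _, _, _ = struct.unpack("!HHIH", msg[off:off + 10])
    if rtype != 6:
        raise ValueError("first answer is not SOA")
    off = skip_name(msg, skip_name(msg, off + 10))   # skip MNAME, then RNAME
    return struct.unpack("!I", msg[off:off + 4])[0]

def serial_newer(master, local):
    """RFC 1982 serial comparison, so a wrapped 32-bit serial still counts as newer."""
    return master != local and ((master - local) & 0xFFFFFFFF) < 0x80000000

def refresh_decision(udp_reply, local_serial):
    """udp_reply is None when the UDP query or its reply was filtered."""
    if udp_reply is None:
        return "no-transfer: SOA query unanswered, TCP is never tried"
    if serial_newer(soa_serial(udp_reply), local_serial):
        return "transfer: start AXFR over TCP"
    return "no-transfer: zone is current"

def sample_response(zone, txid, serial):
    """Constructed master reply; MNAME and RNAME are pointers back to the zone name."""
    rdata = b"\xc0\x0c\xc0\x0c" + struct.pack("!IIIII", serial, 3600, 600, 86400, 300)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0) + build_soa_query(zone, txid)[12:] + rr
```

A filter that passes TCP port 53 but drops UDP port 53 puts every refresh on the `None` branch, so the slave keeps serving its old copy of the zone until it expires.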