Closing off tcp

Doug Barton DougB at DougBarton.net
Tue Jan 8 23:01:59 UTC 2002


        I'm getting a request through "the organization" to close off tcp
port 53 on my authoritative name servers. I am reluctant to do this
because my feeling is that the benefits of having it open outweigh the few
"costs" in terms of potential security problems, syn floods, etc. We are
pretty careful to keep our rr sets small enough to fit into a udp packet
for other reasons, so chances are that we aren't doing a whole lot of tcp
queries right now anyway, but still I have this nagging feeling....

        So, what I'm looking for is basically experiences... "I shut down
tcp access to my auth. name servers, and the following good/bad things
did/didn't happen..."

Comments, suggestions, etc. welcome,

Doug
-- 
    "We will not tire, we will not falter, and we will not fail."
	- George W. Bush, President of the United States
          September 20, 2001
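
Added example, not part of the original post: a way to check the "small enough to fit into a udp packet" condition the message relies on, since a response that does not fit is sent with the TC bit set and the resolver retries over TCP port 53. It assumes the classic 512-byte UDP limit of RFC 1035 with no EDNS0 and a simplified truncation policy (drop the records that do not fit); the query name, addresses and message ID are constructed.

```python
import struct

UDP_LIMIT = 512      # RFC 1035 maximum DNS message size over UDP (no EDNS0 assumed)
TC_FLAG = 0x0200     # "truncated" bit in the header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(qname, qtype, rdatas, ttl=3600, limit=UDP_LIMIT):
    """Build an answer-only response; RRs that do not fit are dropped and TC is set."""
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    answers, included, flags = b"", 0, 0x8400                     # QR=1, AA=1
    for rdata in rdatas:
        # Owner name is a compression pointer to offset 12 (the question name).
        rr = struct.pack("!HHHIH", 0xC00C, qtype, 1, ttl, len(rdata)) + rdata
        if 12 + len(question) + len(answers) + len(rr) > limit:
            flags |= TC_FLAG   # simplified policy: stop at the first RR that overflows
            break
        answers += rr
        included += 1
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, included, 0, 0)
    return header + question + answers

def needs_tcp(message):
    """True if the TC bit is set, i.e. the resolver must retry over TCP port 53."""
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def max_rrs_over_udp(qname, rdlength, limit=UDP_LIMIT):
    """How many fixed-size RRs owned by qname fit in one UDP response."""
    fixed = 12 + len(encode_name(qname)) + 4      # header + question section
    return (limit - fixed) // (12 + rdlength)     # 12 = pointer + type/class/ttl/rdlength

if __name__ == "__main__":
    addrs = [bytes([192, 0, 2, i]) for i in range(1, 31)]  # constructed A records
    for n in (29, 30):
        msg = build_response("www.example.com", 1, addrs[:n])
        print(n, "A records:", len(msg), "bytes, TCP retry needed:", needs_tcp(msg))
```

With TCP port 53 closed, any RRset past the count returned by `max_rrs_over_udp` would reach clients only in truncated form, with no way to fetch the rest.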
