Closing off tcp
Doug Barton
DougB at DougBarton.net
Tue Jan 8 23:01:59 UTC 2002
I'm getting a request through "the organization" to close off tcp
port 53 on my authoritative name servers. I am reluctant to do this
because my feeling is that the benefits of having it open outweigh the few
"costs" in terms of potential security problems, syn floods, etc. We are
pretty careful to keep our rr sets small enough to fit into a udp packet
for other reasons, so chances are that we aren't doing a whole lot of tcp
queries right now anyway, but still I have this nagging feeling....

So, what I'm looking for is basically experiences... "I shut down
tcp access to my auth. name servers, and the following good/bad things
did/didn't happen..."

Comments, suggestions, etc. welcome,

Doug
--
"We will not tire, we will not falter, and we will not fail."
- George W. Bush, President of the United States
September 20, 2001
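
Added example, not part of the original message: a sketch of the size check behind "small enough to fit into a udp packet", showing where an RRset stops fitting and the server has to answer with the TC flag so the resolver retries over TCP. It assumes the 512-byte RFC 1035 limit (no EDNS0) and a simplified truncation that drops the whole answer section; the function names and the sample records are constructed for illustration.

```python
import struct

UDP_LIMIT = 512  # RFC 1035 cap on a DNS message over UDP when EDNS0 is not in use
QR_AA = 0x8400   # header flags: response + authoritative answer
TC = 0x0200      # truncation flag: tells the resolver to retry over TCP

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(qname, rtype, rdatas, ttl=3600, qid=0x1234, flags=QR_AA):
    """Header + question + one answer RR per rdata, class IN."""
    header = struct.pack("!HHHHHH", qid, flags, 1, len(rdatas), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", rtype, 1)
    # 0xC00C is a compression pointer to the question name at offset 12.
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(r)) + r
        for r in rdatas)
    return header + question + answers

def udp_reply(qname, rtype, rdatas):
    """Return what goes out over UDP: the full answer, or an empty TC reply."""
    full = build_response(qname, rtype, rdatas)
    if len(full) <= UDP_LIMIT:
        return full
    # Simplification: drop the whole answer section rather than send part of it.
    return build_response(qname, rtype, [], flags=QR_AA | TC)

def is_truncated(message):
    """True when the TC bit is set in the header flags."""
    return bool(struct.unpack("!H", message[2:4])[0] & TC)

if __name__ == "__main__":
    # Constructed sample data: N address records for one name (documentation range).
    for n in (29, 30):
        rrset = [bytes([192, 0, 2, i + 1]) for i in range(n)]
        reply = udp_reply("www.example.com", 1, rrset)
        print(n, "A records ->", len(reply), "bytes, TC =", is_truncated(reply))
```

With TCP port 53 closed, the retry that follows a TC reply has nowhere to go, so any RRset past this boundary becomes unresolvable for clients that do not use EDNS0.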