About "update" packets

Barry Margolin barmar at alum.mit.edu
Wed Jun 16 16:37:42 UTC 2004


In article <capcha$u39$1 at sf1.isc.org>,
 "Maurizio Colella" <Maurizio.Colella at marconi.com> wrote:

> closed all TCP packets from any to my DNS, because I've supposed that
> "update" are performed only by TCP

There's no reason to suppose this.  The only DNS operation that's 
required to use TCP is zone transfer.  Everything else *usually* uses 
UDP.  If these updates are coming from hackers, I expect that they know 
that many sites block TCP port 53, so it would be counterproductive for 
them to use TCP in their attacks.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
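
An added example, not part of the original post: since UPDATE messages usually arrive over UDP, a check has to look at the opcode in the DNS header rather than at the transport. The function names and sample packets below are constructed for illustration; opcode 5 is UPDATE per RFC 2136, and the 2-byte length prefix on TCP is from RFC 1035.

```python
import struct

OPCODE_UPDATE = 5  # RFC 2136

def parse_header(payload: bytes, transport: str):
    """Return (opcode, is_response) for one DNS message from a UDP or TCP payload."""
    if transport == "tcp":
        # Over TCP each message is preceded by a 2-byte length field (RFC 1035, 4.2.2).
        if len(payload) < 2:
            raise ValueError("truncated TCP length prefix")
        (length,) = struct.unpack("!H", payload[:2])
        if len(payload) < 2 + length:
            raise ValueError("truncated TCP message")
        payload = payload[2:2 + length]
    elif transport != "udp":
        raise ValueError("transport must be 'udp' or 'tcp'")
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _msg_id, flags = struct.unpack("!HH", payload[:4])
    # QR is the top bit of the flags word; the opcode is the next four bits.
    return (flags >> 11) & 0xF, bool(flags & 0x8000)

def update_requests(packets):
    """Return indexes of packets that are UPDATE requests, whatever the transport."""
    hits = []
    for i, (transport, payload) in enumerate(packets):
        try:
            opcode, is_response = parse_header(payload, transport)
        except ValueError:
            continue  # malformed input is skipped here, not classified
        if opcode == OPCODE_UPDATE and not is_response:
            hits.append(i)
    return hits

def _message(flags: int, rrtype: int) -> bytes:
    # Constructed sample: header with one first-section entry, then
    # the name "example.com", a type and class IN.
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", rrtype, 1)

UPDATE_MSG = _message(OPCODE_UPDATE << 11, 6)  # opcode 5, zone section type SOA
QUERY_MSG = _message(0x0100, 1)                # opcode 0, RD set, type A

SAMPLE_PACKETS = [  # constructed traffic: (transport, payload)
    ("udp", UPDATE_MSG),
    ("tcp", struct.pack("!H", len(UPDATE_MSG)) + UPDATE_MSG),
    ("udp", QUERY_MSG),
    ("udp", b"\x00\x01"),  # too short to be a DNS message
]

if __name__ == "__main__":
    print(update_requests(SAMPLE_PACKETS))
```

The UDP copy of the update is flagged alongside the TCP one, which is the case a TCP-only block on port 53 never sees.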


More information about the bind-users mailing list