firewalling

Danny Mayer mayer at gis.net
Sun Sep 5 00:55:05 UTC 2004


At 09:35 AM 9/3/2004, Ed Schmollinger wrote:
>And of course it's not really against the rules for a resolver to use
>TCP by default.  If you shut off querying over TCP, then you can
>probably expect for most things to keep working.  The interesting
>question here regards how easy it will be for you to figure out what's
>wrong when it eventually breaks something.  Does the mostly imaginary
>security you're buying by blocking TCP weigh more than the eventual
>downtime?

Microsoft's Exchange Server does lookups using TCP and not UDP. This
is by design. I got confirmation from the person who made that decision
at the time. If you allow only UDP then Exchange Server will have a
problem with name resolution.

Danny


