Usage of TCP/53

Joseph S D Yao jsdy at center.osis.gov
Thu Sep 28 18:42:05 UTC 2006


On Thu, Sep 28, 2006 at 01:59:14PM -0400, Ralf Durkee wrote:
> I have a question about usage of the TCP port 53 by DNS servers in
> general, and BIND in particular.  I've heard it stated that only zone
> transfers use the tcp port, but it was my understanding that it could
> also be used in other circumstances to handle larger
> requests/responses.  Are there other uses of TCP/53?  What would they be?
> 
> Thanks,
> 
> -- Ralf Durkee, CISSP, GSEC, GCIH, GSNA
> Principal Security Consultant
> http://rd1.net


TCP port 53 is used for large responses as well as for zone transfers.
Any firewall that blocks TCP port 53 acting on bad advice such as what
you have heard is damaging DNS.

I believe some DNSSEC responses are necessarily large enough to require
TCP port 53.


-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
