UDP vs TCP
James Raftery
james-bind-users at now.ie
Thu Mar 15 11:24:52 UTC 2001
On Thu, Mar 15, 2001 at 02:56:00AM +0000, Michael S Scheidell wrote:
> Brad: I assist in a Distributed Intrusion Detection system, and best I can
> tell, the only tcp port 53's I get are from hackers trying to find out
> more about our servers (and some old versions of the f5.com 3-dns server)
> Can you give me examples of when a normal 'query' would use tcp port53?
* Zone transfers
* Retransmission of queries that were truncated when delivered by UDP. (A
query for the MX RRset from the aol.com nameservers was > 512 bytes
for a while a few months ago. This does happen.)
james
--
James Raftery (JBR54)
"It's somewhere in the Red Hat district" -- A network engineer's
freudian slip when talking about Amsterdam's nightlife at RIPE 38.
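
The two cases listed in the reply above, as an added example that is not part of the original post: a Python sketch that decides whether a DNS exchange has a legitimate reason to use TCP port 53, from the AXFR query type or the TC (truncation) bit in a UDP reply. The function names, the example.com name and the sample messages are constructed for illustration.

```python
import struct

QTYPE_MX, QTYPE_AXFR = 15, 252   # AXFR = zone transfer
QR_BIT, TC_BIT = 0x8000, 0x0200  # response flag, truncation flag

def build_query(qid, name, qtype):
    """Encode a minimal one-question DNS query (class IN, RD set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def header_fields(msg):
    """Return (id, flags) from the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    return struct.unpack("!HH", msg[:4])

def question_type(msg):
    """Return the QTYPE of the first question by walking the QNAME labels."""
    pos = 12
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def tcp_reason(query, udp_reply=None):
    """Why this exchange legitimately moves to TCP port 53, or None."""
    if question_type(query) == QTYPE_AXFR:
        return "zone transfer"
    if udp_reply is not None:
        qid, _ = header_fields(query)
        rid, rflags = header_fields(udp_reply)
        if rid == qid and rflags & QR_BIT and rflags & TC_BIT:
            return "retry of truncated UDP reply"
    return None

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample messages (not captured traffic).
MX_QUERY = build_query(0x1234, "example.com", QTYPE_MX)
AXFR_QUERY = build_query(0x1235, "example.com", QTYPE_AXFR)
# Reply header with QR|TC|RD set and no answers: the RRset did not fit
# into 512 bytes of UDP payload, so the client must retry over TCP.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + MX_QUERY[12:]

if __name__ == "__main__":
    print(tcp_reason(MX_QUERY), tcp_reason(MX_QUERY, TRUNCATED_REPLY), tcp_reason(AXFR_QUERY))
```

A filter or IDS rule that treats every TCP port 53 connection as hostile will also drop the retry path shown here, so resolvers behind it fail on any RRset larger than the UDP limit.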