About "update" packets
Barry Margolin
barmar at alum.mit.edu
Wed Jun 16 16:37:42 UTC 2004
In article <capcha$u39$1 at sf1.isc.org>,
"Maurizio Colella" <Maurizio.Colella at marconi.com> wrote:
> closed all TCP packets from any to my DNS, because I've supposed that
> "update" are performed only by TCP
There's no reason to suppose this. The only DNS operation that's
required to use TCP is zone transfer. Everything else *usually* uses
UDP. If these updates are coming from hackers, I expect that they know
that many sites block TCP port 53, so it would be counterproductive for
them to use TCP in their attacks.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
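
Added example, not part of the original post: a Python sketch that reads the opcode from raw DNS messages on both transports, showing that an UPDATE (opcode 5) is still visible on UDP when TCP port 53 is blocked. The sample packets, the name `example.com` and all function names are constructed for illustration.

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}

def make_msg(opcode, qtype):
    """Build a constructed DNS message: header plus one question/zone entry."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", qtype, 1)

def dns_opcode(msg):
    """Opcode name from the 4-bit field in bits 11-14 of the flags word."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    (flags,) = struct.unpack("!H", msg[2:4])
    code = (flags >> 11) & 0xF
    return OPCODES.get(code, "OPCODE%d" % code)

def split_tcp(stream):
    """Split a TCP payload into messages; each has a 2-byte length prefix."""
    pos = 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + n > len(stream):
            break  # truncated final message, ignore
        yield stream[pos + 2:pos + 2 + n]
        pos += 2 + n

def update_transports(packets):
    """Return the set of transports on which an UPDATE message was seen."""
    seen = set()
    for transport, payload in packets:
        msgs = split_tcp(payload) if transport == "tcp" else [payload]
        for m in msgs:
            if len(m) >= 12 and dns_opcode(m) == "UPDATE":
                seen.add(transport)
    return seen

def frame(m):
    """Add the 2-byte length prefix used for DNS over TCP."""
    return struct.pack("!H", len(m)) + m

# Constructed sample traffic: (transport, payload sent to port 53)
QUERY, UPDATE = make_msg(0, 1), make_msg(5, 6)  # A query; UPDATE with SOA zone
SAMPLE = [("udp", QUERY), ("udp", UPDATE), ("tcp", frame(QUERY) + frame(UPDATE))]

if __name__ == "__main__":
    print("UPDATE seen on:", sorted(update_transports(SAMPLE)))
    udp_only = [p for p in SAMPLE if p[0] != "tcp"]  # as if TCP/53 were blocked
    print("with TCP blocked:", sorted(update_transports(udp_only)))
```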