HELP! DNS Attack
Joseph S D Yao
jsdy at cospo.osis.gov
Wed Oct 13 20:42:14 UTC 1999
> After all is said and done, both queries look like legitimate DNS queries. This
> has been a real learning experience for me, and none of the short cuts I tried
> helped. I had to right back to the RFC's to understand these transmissions. It
> would appear that my DNS simply can't handle DNS queries by TCP. After
> analyzing these transmissions, I can't understand why anyone would use TCP
> instead of UDP for a DNS query. There is substantially more overhead.
Upgrade to a more recent version of BIND.
BIND by default uses UDP first, but certain queries may return with
more information than can be passed in a single UDP packet for BIND, so
it "fails over" to TCP.
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list