HELP! DNS Attack
Barry Margolin
barmar at bbnplanet.com
Wed Oct 13 21:53:54 UTC 1999
In article <jv0N3.6720$G6.625277 at news0.telusplanet.net>,
John Coutts <administrator at yellowhead.com> wrote:
>After all is said and done, both queries look like legitimate DNS queries. This
>has been a real learning experience for me, and none of the short cuts I tried
>helped. I had to go right back to the RFCs to understand these transmissions. It
>would appear that my DNS simply can't handle DNS queries by TCP. After
>analyzing these transmissions, I can't understand why anyone would use TCP
>instead of UDP for a DNS query. There is substantially more overhead.
I'm not sure if this is true in BIND 8, but in BIND 4 I believe a slave
server would use TCP to query for the SOA record from the primary, to see
if a zone transfer is necessary. Since the zone transfer will also use
TCP, this kills two birds with one stone: it checks the serial number, and
also verifies that a TCP connection can be made (i.e. it's not blocked by
a firewall).
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
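
The SOA-over-TCP serial check described in the reply above, as an added example that is not part of the original post and not BIND's code: it frames an SOA query with the two-byte TCP length prefix, reads the serial from a response, and decides whether a transfer is needed. All function names are hypothetical, the response bytes are constructed rather than captured, and the RFC 1982 serial comparison is an assumption, since the post does not say how the serials are compared.

```python
import struct

def encode_name(name):
    # Wire format: length-prefixed labels, terminated by a zero byte
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"

def build_soa_query(zone, qid):
    # Header: ID, flags 0 (standard query), QDCOUNT=1; then QTYPE=SOA(6), QCLASS=IN(1)
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)

def frame_tcp(msg):
    # RFC 1035 4.2.2: on TCP every message is preceded by a two-byte length
    return struct.pack("!H", len(msg)) + msg

def skip_name(buf, off):
    # Step over a name; a compression pointer (top bits 11) ends it in two bytes
    while buf[off]:
        if buf[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + buf[off]
    return off + 1

def soa_serial(tcp_bytes):
    # Strip the length prefix, skip the question, read the first answer's serial
    (length,) = struct.unpack("!H", tcp_bytes[:2])
    msg = tcp_bytes[2:2 + length]
    if len(msg) != length or length < 12 or msg[6:8] == b"\x00\x00":
        raise ValueError("short TCP read or no answer record")
    (qdcount,) = struct.unpack("!H", msg[4:6])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # name + QTYPE + QCLASS
    off = skip_name(msg, off)                    # owner name of the answer
    if struct.unpack("!H", msg[off:off + 2])[0] != 6:
        raise ValueError("first answer is not an SOA record")
    off = skip_name(msg, skip_name(msg, off + 10))   # fixed RR fields, MNAME, RNAME
    return struct.unpack("!I", msg[off:off + 4])[0]

def needs_transfer(local, remote):
    # Assumption: RFC 1982 serial arithmetic, so a wrapped serial still counts as newer
    return local != remote and ((remote - local) & 0xFFFFFFFF) < 0x80000000

def constructed_response(zone, qid, serial):
    # Constructed sample answer (not captured traffic) so the parser runs offline
    rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
    rdata += struct.pack("!IIIII", serial, 3600, 600, 86400, 3600)
    msg = struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + encode_name(zone)
    msg += struct.pack("!HH", 6, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata))
    return frame_tcp(msg + rdata)
```

The same query sent over UDP is the output of `build_soa_query` without the prefix added by `frame_tcp`; a server or filter that does not handle the length prefix or TCP port 53 will fail this check before any zone transfer is attempted.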