Blocking TCP
Jim Reid
jim at rfc1035.com
Tue Nov 6 18:22:19 UTC 2001
>>>>> "Tilo" == Tilo Lutz <TiloLutz at gmx.de> writes:
Tilo> I'm using bind9 I've read in a Firewall book TCP is only
Tilo> used to do zonetransfers. So I only allow the secondary DNS
Tilo> to do zonetransfers. But since that many request via TCP
Tilo> are blocked by my firewall. Is it OK blocking these
Tilo> requests or ist it "unhealthy" ?
Preventing TCP queries is simply wrong. In the DNS TCP is not just
used for zone transfers.
More information about the bind-users
mailing list