Disable TCP/53
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Fri Feb 22 08:35:57 UTC 2002
Tan Chun Han/ITNOC/PBB/PBBG <tanch at publicbank.com.my> wrote:
> hi phn, as far as i know, DNS should use UDP/53 only and not TCP, that =
> is
> why
> our FW is configured for UDP, unless there's zone transfers. as for our=
> case, this
> is only our Internal DNS for it to resolve MX records and www addresses=
> .
> therefore we don't need TCP/53 for name server resolving.
> thanks and regards
Nope, DNS is defined to use UDP and TCP ( tcp is free to use, and
is needed in case truncation occurs).
So go back and fix that FW, it's broken as it's configured now.
peter h
> phn at icke-reklam.ipsec.nu@isc.org on 21/02/2002 02:26:16 PM
> Sent by: bind-users-bounce at isc.org
> To: comp-protocols-dns-bind at isc.org
> cc:
> Subject: Re: Disable TCP/53
> Tan Chun Han/ITNOC/PBB/PBBG <tanch at publicbank.com.my> wrote:
>> Hi, our firewall keeps detecting and rejecting TCP/53 queries.
>> Does bind by default use TCP/53 and UDP/53? Is there any way to disab=
> le
>> TCP/53, thus enabling UDP/53?
> Your firewall is errounesly denying TCP/53
> Fix the fw config and the messages will go away.
> --
> Peter H=E5kanson
> IPSec Sverige (At the Riverside of Gothenburg, home of Vo=
> lvo)
> Sorry about my e-mail address, but i'm trying to keep spam o=
> ut.
> Remove "icke-reklam" and it works.
> =
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but i'm trying to keep spam out.
Remove "icke-reklam" and it works.
More information about the bind-users
mailing list