On Mon, 14 Jul 2008 16:27:58 +0200 Florian Weimer <[EMAIL PROTECTED]> wrote: > On top of that, some operators decided not to offer TCP service at > all.
Right. There's a common misconception, on both security and network operator mailing lists, that DNS servers use TCP only for zone transfers, and that all such connection requests should be blocked. See, for example, the NANOG thread starting at http://mailman.nanog.org/pipermail/nanog/2008-June/001240.html --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]