On Apr 26, 2013, at 8:24 AM, "Cihan SUBASI \(GARANTI TEKNOLOJI\)" <cih...@garanti.com.tr> wrote:
> Also can someone explain why tcp53 should be allowed on the firewalls if dns > is behind a firewall? EDNS0 > And why auditors do not like tcp53 open to public? Because someone told them the wrong thing and they don't know any difference. Just because they're an auditor doesn't mean they are clued. Simple thing would be to show them a dns query that requires tcp, such as: Jareds-Mac-mini:~% dig txt nether.net. @204.42.254.5 - Jared _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs