On Apr 26, 2013, at 8:24, Cihan SUBASI (GARANTI TEKNOLOJI) wrote: > Hi, > > Also can someone explain why tcp53 should be allowed on the firewalls if dns > is behind a firewall? >
In addition to other already posted reasons, TCP isn't susceptible to reflection attacks. (FWIW.) > And why auditors do not like tcp53 open to public? Can't read their minds, but, well, the auditor has at least been misinformed on how DNS works. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses.
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
