* John Kristoff wrote:
>> And why auditors do not like tcp53 open to public?
>
> They may have an outdated, naive view of what should be open and
> what shouldn't be? Show them the above and ask them why. I'd be
> curious what the response is.

"We have never seen TCP/53 in public beside strange examples or attack."
"TCP/53 is superseded by EDNS0"
"TCP/53 is only needed for AXFR, allow TCP/53 only to(!) your primary NS"
"DNS works over UDP"

There are more such answers. But the most prominent answer is:
"We marked it red, because it's a security risk. Close it!"
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
