Vanja Hrustic wrote:
> Is it ok if only UDP/53 is left open, to serve DNS requests? As much as
> I have understood, I can safely close TCP/53. The server in question is
> a 'small' one (meaning: not so many requests per day, and only requests
> for www/dns/mail will probably come there anyway).
>
TCP is used (for resolving names; zone transfers always via TCP) in two
special cases: either if a certain number of requests (I think the most common
value is 3) don't get an answer (within a certain amount of time) or if the
requests are greater than 512 bytes.
I'm too lazy right now, but you could also look in the RFCs (I think
1034/1035).
HTH,
Enno Rey
[EMAIL PROTECTED]
PGP: FB9B DA6D 6706 5A8D A361 F63C 6650 E4C8 3BBE 04E9
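The two TCP cases Enno describes (a reply that would exceed 512 bytes comes back over UDP with the TC bit set and must be retried over TCP/53; zone transfers are TCP-only) are shown in this added example, which is not from the original thread: it builds a query, checks the TC flag of a constructed UDP reply, and applies the 2-octet length framing RFC 1035 requires on TCP. All sample bytes are constructed.

```python
import struct

# RFC 1035: UDP DNS messages are capped at 512 bytes. A server whose answer
# does not fit sets TC (truncated) in the flags word; the resolver must then
# repeat the same query over TCP/53, where every message is preceded by a
# two-octet length. Zone transfers (AXFR) use TCP only. A firewall that
# drops TCP/53 therefore breaks both cases.

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header (RD set) plus one IN-class question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True when the TC bit (0x0200 in the flags word) is set."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & 0x0200)

def next_transport(udp_reply, query):
    """Decide what a resolver does with a UDP reply: keep it, or retry on TCP."""
    if udp_reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch; reply is not for this query")
    return "tcp" if is_truncated(udp_reply) else "udp"

def frame_for_tcp(message):
    """Prefix a DNS message with its 2-octet big-endian length for TCP."""
    return struct.pack("!H", len(message)) + message

def parse_tcp_stream(stream):
    """Split a TCP byte stream into complete DNS messages via the length prefixes.
    A trailing partial message is left for the next read rather than returned."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + n > len(stream):
            break
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs

# Constructed sample reply: QR=1, TC=1, RD=1 (flags 0x8300), question echoed,
# no answer records, as a server sends when the real answer exceeds 512 bytes.
QUERY = build_query("example.com")
TRUNCATED_UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + QUERY[12:]
```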
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]