> If it's "query-able" it needs 53 tcp/udp open?
"Query-able" by the internet.
> I think you mean it needs 53/udp open. The only reason it would need
> 53/tcp open, is if you were doing a zone transfer (such as a secondary NS
> would do), or a handful of other situations.
No, not only UDP. Some RRsets (esp. banner ad servers, etc.) are very large,
like 30 to 50 A records, and will not fit in UDP, so TCP is required to
avoid very weird and difficult-to-fix DNS problems.
Yes, zone transfers are always TCP, so if you have off-site slaves, they
need 53/tcp to get to the on-site master.
The "DNS needs TCP or not" is a classic debate in the security circles. We
won't resolve it here.
Len
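To put a number on the "30 to 50 A records will not fit in UDP" point above, here is an added example (not part of the thread) that builds a minimal DNS A-record response on the wire, counts how many records fit under the classic 512-byte UDP limit of RFC 1035, and checks the TC (truncated) bit that tells a resolver to retry over 53/tcp. The query name ads.example.com and the addresses are constructed for illustration; EDNS0 raises the UDP limit, but the fallback logic is the same.

```python
import struct

UDP_DNS_LIMIT = 512  # classic max DNS-over-UDP payload without EDNS0 (RFC 1035)
TC_FLAG = 0x0200     # "truncated" bit in the DNS header flags word


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(qname, addresses, tc=False):
    """Build a minimal DNS response: one question and one A RR per address.
    Answers use a compression pointer (0xC00C) back to the question name."""
    flags = 0x8180 | (TC_FLAG if tc else 0)  # QR=1, RD=1, RA=1, optional TC
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addresses), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # NAME ptr, TYPE=A, CLASS=IN, TTL=300, RDLENGTH=4, then the IPv4 address
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata
    return header + question + answers


def fits_in_udp(msg):
    return len(msg) <= UDP_DNS_LIMIT


def needs_tcp_retry(msg):
    """True if TC is set: the UDP answer was cut short, so retry the query over 53/tcp."""
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & TC_FLAG)


def max_a_records_in_udp(qname):
    """Largest number of A records for qname whose response still fits in 512 bytes."""
    n = 0
    while fits_in_udp(build_a_response(qname, ["10.0.0.1"] * (n + 1))):
        n += 1
    return n


if __name__ == "__main__":
    name = "ads.example.com"  # constructed example name
    print("A records that fit in 512-byte UDP for", name, "->", max_a_records_in_udp(name))
    truncated = build_a_response(name, ["10.0.0.1"], tc=True)
    print("TC set, retry over TCP:", needs_tcp_retry(truncated))
```

For ads.example.com the header plus question is 33 bytes and each compressed A record is 16 bytes, so 29 records fit and the 30th pushes the response past 512 bytes, which is exactly the range where a 53/tcp block turns into intermittent resolution failures.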
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/