On Thu Aug 31 2006 at 22:59, Jason Haar wrote:

> It's just that the wording as such made me feel that if someone else was
> looking at the report of our DNS servers, they'd think there was a
> serious problem instead of a potential one.

Would that message be clearer?

-----------------------------------------------------------------------------
A DNS server is running on this port but it only answers to UDP requests.
This means that TCP requests are blocked by a firewall.

This configuration is not RFC-compliant. Contrary to common belief, TCP
transport is not restricted to zone transfers (AXFR) :
- answers bigger than 512 bytes are always transmitted over TCP.
- for all other requests, UDP is only 'preferred' for performance reasons.
  i.e. RFC1035 (STD0013) does not forbid a DNS client from issuing its
  queries directly over TCP.

** If you are sure that your DNS server will never return
** answers bigger than 512 bytes and that the client
** software prefers UDP (which is nearly certain), you may
** disregard this message.

Read RFC1035 (STD0013) for more information.

Risk factor : None
-----------------------------------------------------------------------------
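
The check that the proposed report text describes, sketched as an added example (not part of the message above and not the Nessus plugin's code): probe the same address over UDP and TCP and report which of the cases applies, including whether the UDP answer was truncated. All function names and the `example.com` query name are assumptions.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header (RFC 1035, section 4.1.1)

def build_query(name, txid=0x4E53):
    """Minimal RFC 1035 query: header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def response_flags(query, data):
    """Flags word of a reply matching our transaction ID, else None."""
    if data is None or len(data) < 12 or data[:2] != query[:2]:
        return None
    flags = struct.unpack("!H", data[2:4])[0]
    return flags if flags & 0x8000 else None  # QR bit must mark a response

def probe_udp(addr, query, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, addr)
            return response_flags(query, s.recvfrom(4096)[0])
        except OSError:  # timeout or ICMP port unreachable
            return None

def probe_tcp(addr, query, timeout=2.0):
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query)
            reply = s.makefile("rb").read(2 + 12)
            return response_flags(query, reply[2:]) is not None
    except OSError:  # refused, filtered (timeout) or reset
        return False

def verdict(udp_flags, tcp_ok):
    """Map the two probe results onto the cases the report text distinguishes."""
    if udp_flags is None:
        return "tcp-only" if tcp_ok else "no-dns"
    if tcp_ok:
        return "udp+tcp"
    if udp_flags & TC_BIT:
        return "udp-only: truncated answer cannot be retried over TCP"
    return "udp-only"

def check(addr, name="example.com"):
    query = build_query(name)
    return verdict(probe_udp(addr, query), probe_tcp(addr, query))
```

Call `check(("192.0.2.53", 53))` with the address of a server you operate (the address shown is a documentation placeholder). A plain `udp-only` result is the case the report text says may be disregarded; the truncated variant is the one where clients actually lose answers.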
