UDP is used for normal domain queries. TCP is used for zone transfers and large queries. Stopping it at the firewall (TCP/53) can be safe and will definitely stop any zone transfers, but the occasional DNS query might not work. It is better to use named.conf to control zone transfers.
M.W.
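As an added example, not part of M.W.'s reply or of Carl's original message, here is a BIND named.conf fragment that does what the reply recommends: TCP/53 stays open so ordinary and large queries keep working, while zone transfers are restricted in the name server itself rather than at the firewall. The zone name example.com, the file name, and the secondary address 192.0.2.10 are placeholders.

```conf
// Added example, not from the original thread. The zone, file name and
// address are placeholders (192.0.2.10 is in the RFC 5737 documentation range).
acl "secondaries" {
    192.0.2.10;          // the only host allowed to pull a full zone transfer (AXFR)
};

options {
    directory "/var/named";
    // Ordinary queries are answered over both UDP and TCP for everyone;
    // TCP/53 must stay reachable so a truncated UDP answer can be retried.
    allow-query { any; };
    // Global default: no zone may be transferred unless a zone overrides this.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Per-zone override: only the listed secondary may run AXFR/IXFR.
    allow-transfer { "secondaries"; };
    // Tell that secondary when the zone serial changes.
    also-notify { 192.0.2.10; };
};
```

Run `named-checkconf` after editing and reload. To confirm the control works, request `example.com AXFR` with `dig` from a host that is not in the `secondaries` ACL: the transfer should be refused, while a plain A or MX lookup from the same host, over UDP or with `+tcp`, still succeeds.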
From: "Carl R Diliberto" <cdiliberto@hotmail.com>
To: "security-basics" <[EMAIL PROTECTED]>
cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: TCP DNS requests
Date: 10/30/02 07:46 AM
We are reporting TCP-based DNS requests to one of our DNS servers coming
from internal, client IP addresses. My manager would like to block the TCP
packets. What or why would there be random TCP packets? We monitored
several clients and it appears it only needs UDP.
Thanks
Carl
