One program I know of that uses TCP requests for DNS requests is Microsoft's SMTP server that's bundled with IIS. There's a KB article on MS's website that states that the RFC for DNS servers should be able to accept UDP and TCP requests. MS took this to an extreme and set their SMTP server to ONLY use TCP for DNS.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q276347

Might want to check your suspect client to see if they have an SMTP server set up.

my .02

-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto@;hotmail.com]
Sent: Wednesday, October 30, 2002 8:46 AM
To: security-basics
Subject: TCP DNS requests

We are reporting TCP-based DNS requests to one of our DNS servers coming from internal, client IP addresses. My manager would like to block the TCP packets. What or why would there be random TCP packets? We monitored several clients and it appears it only needs UDP.

Thanks
Carl
