even queries beyond a certain size (I think 512bytes) will go on TCP. http://www.maradns.org/dnstcp_security.html
rkt -----Original Message----- From: [EMAIL PROTECTED] [mailto:Leonard.Ong@;nokia.com] Sent: Thursday, October 31, 2002 5:51 PM To: [EMAIL PROTECTED] Subject: RE: TCP DNS requests Yes, I am confirming this. Zone transfer uses TCP/53, while queries use UDP/53. Regards, Leonard Ong Network Security Specialist, APAC NOKIA Email. [EMAIL PROTECTED] Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 -----Original Message----- From: ext Daniel Miessler [mailto:danielrm26@;hotmail.com] Sent: Friday, November 01, 2002 1:20 AM To: 'Carl R Diliberto'; 'security-basics' Subject: RE: TCP DNS requests Zone Transfers use TCP instead of UDP on port 53. That is most likely what you are seeing. --Daniel > We are reporting TCP based DNS requests to one of our DNS servers coming > from internal, client IP addresses. My manager would like to block the TCP > packets. What or why would their be random TCP packets? We monitored > several clients and it appears it only needs UDP. ----+---- This email message (and any attached document) contains information from Ingenuity Systems Inc. which may be considered confidential by Ingenuity, or which may be privileged or otherwise exempt from disclosure under law, and is for the sole use of the individual or entity to whom it is addressed. Any other dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, please notify me and destroy the attached message (and all attached documents) immediately.
