On Sun, Apr 22, 2001 at 12:12 +0800, Dennis wrote:
> If your DNS does not need 'zone transfer', you can close port 53.
Not completely true. DNS queries can be run over UDP as well as TCP. It's just that *usually* queries are UDP packets while transfers are *always* TCP. This doesn't rule out TCP queries, they're just uncommon. They become necessary when the answer won't fit into a UDP packet (think of AOL MX lookups or some other query with a large result, like much-aliased machines or many redundant servers in a farm (w/o dedicated load balancers)).

One may allow queries via both protocols when serving DNS -- while specifying who's allowed to transfer zones. It's not a packet filter thing but a matter of DNS configuration!

virtually yours
82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig
true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
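The point Gerhard makes above (a large answer does not fit the classic 512-byte UDP payload, so the server truncates it and the client must retry the same query over TCP) can be shown on the wire. The following is an added example, not code from the original thread or from any DNS server: it builds a response to an MX query with a constructed list of mail hosts under example.com, applies the UDP size limit, sets the TC bit the way RFC 1035 prescribes, and shows the two-byte length framing DNS uses over TCP. The zone name, host names and transaction ID are made up; the encoder deliberately uses no name compression.

```python
"""DNS truncation and TCP fallback, demonstrated on constructed MX data.

Added example; not part of the original mailing-list post. Uses only the
standard library and builds uncompressed RFC 1035 wire format by hand.
"""
import struct

UDP_MAX = 512      # classic DNS-over-UDP payload limit (RFC 1035, no EDNS0)
FLAG_QR = 0x8000   # message is a response
FLAG_AA = 0x0400   # authoritative answer
FLAG_TC = 0x0200   # truncated: the client should retry over TCP
TYPE_MX = 15
CLASS_IN = 1

# Constructed sample data: 30 redundant mail exchangers for example.com.
SAMPLE_MX = [(10, f"mx{i:02d}.mail.example.com") for i in range(1, 31)]


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(buf, off):
    """Return the offset just past the name that starts at 'off'."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + length


def build_mx_response(qname, mx_hosts, txid=0x1234):
    """Full wire-format answer to 'qname MX?' listing every (pref, host)."""
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_AA,
                         1, len(mx_hosts), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_MX, CLASS_IN)
    answers = b""
    for pref, host in mx_hosts:
        rdata = struct.pack("!H", pref) + encode_name(host)
        answers += (encode_name(qname)
                    + struct.pack("!HHIH", TYPE_MX, CLASS_IN, 3600, len(rdata))
                    + rdata)
    return header + question + answers


def udp_reply(response):
    """What a server may send over UDP: the whole message if it fits,
    otherwise header plus question with TC set and an empty answer section."""
    if len(response) <= UDP_MAX:
        return response
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", response[:12])
    qend = skip_name(response, 12) + 4          # past QTYPE and QCLASS
    header = struct.pack("!HHHHHH", txid, flags | FLAG_TC, qdcount, 0, 0, 0)
    return header + response[12:qend]


def needs_tcp_retry(reply):
    """Resolver-side check: TC set means 'ask again over TCP'."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & FLAG_TC)


def tcp_frame(message):
    """DNS over TCP prefixes each message with its 16-bit length."""
    return struct.pack("!H", len(message)) + message


if __name__ == "__main__":
    full = build_mx_response("example.com", SAMPLE_MX)
    over_udp = udp_reply(full)
    print(f"full answer: {len(full)} bytes, UDP reply: {len(over_udp)} bytes, "
          f"TC={needs_tcp_retry(over_udp)}, TCP frame: {len(tcp_frame(full))} bytes")
```

With these record sizes the answer only fits in UDP up to ten exchangers; the eleventh pushes it past 512 bytes and the client has to open a TCP connection to port 53, which is why a filter that drops TCP/53 breaks ordinary lookups rather than just zone transfers. Who may pull a full zone is decided in the server configuration (BIND's allow-transfer statement, for instance), not by the transport.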