need testers for a ipfw rule generation script!

Per Engelbrecht per at xterm.dk
Sun Dec 28 23:07:25 PST 2003


Hi Bjoern, Boris, et al
On certain occasions I've seen TCP queries (!) in my log. Don't ask me
why, but a thread on the bind-list (a year ago or so) described how
some MS clients used TCP and not UDP to query a DNS server. If you read RFC
1034/1035 you will see that zone-transfer between servers is always
TCP, while a query is "always" on UDP. I allow both TCP and UDP query in my
firewall ruleset on my public DNS servers for the same reason.

/per
per at xterm.dk

> On Mon, 29 Dec 2003, Boris Staeblow wrote:
>
>> On Sunday, 28 December 2003 23:27, Bjoern A. Zeeb wrote:
>>
>> > DNS can also be TCP.
>> > (noted by a colleague who seemed to have a closer look at it).
>>
>> under which circumstances is a DNS TCP connection needed?
>> (I've never used a DNS TCP rule before - without any problem)
>
> If I remember correctly it's RFC 1035 /Transport
>
> --
> Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
> 56 69 73 69 74				http://www.zabbadoz.net/
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "freebsd-ipfw-unsubscribe at freebsd.org"
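The client-side behaviour behind Per's observation, as an added example that is not part of the original thread and was not written by any of the posters. It encodes a standard query the way a resolver sends it over UDP, checks the TC (truncation) bit in a constructed reply, and shows the retry over TCP with the 2-byte length prefix that DNS-over-TCP uses (RFC 1035 section 4.2). AXFR is sent over TCP from the start. All packets are constructed inline; the function and constant names (build_query, needs_tcp_retry, tcp_frame, QTYPE) are this example's own, not any library's API.

```python
"""Why a DNS firewall rule needs TCP as well as UDP (RFC 1035 section 4.2).

Added example, not from the original thread.  Everything here is built and
checked offline with constructed packets: a query is encoded as a client
would send it over UDP, a constructed reply carries the TC (truncation) bit,
and the code shows the fallback to TCP, including the 2-byte length prefix
that DNS-over-TCP uses.  Zone transfers (AXFR) go over TCP from the start.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "AAAA": 28, "AXFR": 252}
TCP_ONLY_QTYPES = {QTYPE["AXFR"]}


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid: int, name: str, qtype: int) -> bytes:
    """Standard query: QR=0, opcode 0, RD=1, one question, no other sections."""
    flags = 0x0100  # RD bit
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; the TC bit is what drives the TCP retry."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def initial_transport(qtype: int) -> str:
    """Zone transfers go straight to TCP; everything else starts on UDP."""
    return "tcp" if qtype in TCP_ONLY_QTYPES else "udp"


def needs_tcp_retry(query: bytes, udp_reply: bytes) -> bool:
    """A UDP reply with TC set means the answer did not fit in the 512-byte
    UDP limit of RFC 1035; the resolver repeats the same query over TCP."""
    q = parse_header(query)
    r = parse_header(udp_reply)
    if r["id"] != q["id"] or not r["qr"]:
        raise ValueError("reply does not match query")
    return r["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream: bytes) -> list:
    """Split a TCP byte stream back into messages; an incomplete tail is left out."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            break
        msgs.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs


def truncated_reply_for(query: bytes) -> bytes:
    """Constructed server reply: same id, QR=1, TC=1, question echoed, no answers."""
    qid = parse_header(query)["id"]
    flags = 0x8000 | 0x0200 | 0x0100 | 0x0080  # QR, TC, RD, RA
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]


def resolve_transport_sequence(qid: int, name: str, qtype: int, udp_reply=None) -> list:
    """Transports a client uses for this query, given the UDP reply it got (if any)."""
    seq = [initial_transport(qtype)]
    if seq[0] == "udp" and udp_reply is not None:
        if needs_tcp_retry(build_query(qid, name, qtype), udp_reply):
            seq.append("tcp")
    return seq


if __name__ == "__main__":
    q = build_query(0x1234, "example.com", QTYPE["A"])
    r = truncated_reply_for(q)  # constructed: server says "answer too big for UDP"
    print(resolve_transport_sequence(0x1234, "example.com", QTYPE["A"], r))
    print(resolve_transport_sequence(1, "example.com", QTYPE["AXFR"]))
    print(tcp_unframe(tcp_frame(q) + tcp_frame(r)) == [q, r])
```

The consequence for the ruleset is the one Per draws: a public DNS server needs inbound port 53 open for both protocols, which in ipfw terms (assumed rule shape, not the poster's actual ruleset) means a `udp ... 53 in` rule next to a `tcp ... 53 in setup` rule; dropping TCP/53 does not just break zone transfers, it breaks any answer that sets TC.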
