Re: DNS zone transfer

From: Frank Knobbe (fknobbeat_private)
Date: Mon Jun 10 2002 - 19:24:27 PDT

    On Mon, 2002-06-10 at 09:02, Ed Schmollinger wrote:
    > No, they can't filter port 53/tcp if they expect zone transfers or large
    > responses to work.  Being authoritative is independent of the query
    > mechanism.  RFC compliance requires that TCP support be present, but for
    > most setups, it can be safely disabled (via FW rules or whatever) for
    > non-secondaries.  The security (conscious|zealots) like to disable TCP
    > because it's harder to get an interactive shell on a machine if you can
    > only talk to it through UDP.
    
    
    I don't want to drift further off-topic, but appending -u to netcat
    isn't that much harder...
    
    Regards,
    Frank
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 10:19:44 PDT