On Mon, 2002-06-10 at 09:02, Ed Schmollinger wrote:
> No, they can't filter port 53/tcp if they expect zone transfers or large
> responses to work. Being authoritative is independent of the query
> mechanism. RFC compliance requires that TCP support be present, but for
> most setups, it can be safely disabled (via FW rules or whatever) for
> non-secondaries. The security (conscious|zealots) like to disable TCP
> because it's harder to get an interactive shell on a machine if you can
> only talk to it through UDP.

I don't want to drift further off-topic, but appending -u to netcat
isn't that much harder...

Regards,
Frank
This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 10:19:44 PDT