Date: Mon, 29 Dec 2003 08:11:24 +0100 (CET)
From: "Per Engelbrecht" <per@xterm.dk>
To: <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: need testers for a ipfw rule generation script!
Message-ID: <34589.62.242.151.142.1072681884.squirrel@mailbox.wingercom.dk>
In-Reply-To: <Pine.BSF.4.53.0312290002210.21415@e0-0.zab2.int.zabbadoz.net>
References: <Pine.BSF.4.53.0312290002210.21415@e0-0.zab2.int.zabbadoz.net>

Hi Bjoern, Boris, et al

On certain occasions I've seen TCP queries (!) in my log. Don't ask me
why, but a thread on the bind-list (a year ago or so) described how some
MS clients used TCP and not UDP to query a DNS server.
If you read RFC 1034/1035 you will see that zone-transfer between
servers is always TCP, while a query is "always" on UDP.
I allow both TCP and UDP query in my firewall ruleset on my public DNS
servers for the same reason.

/per
per@xterm.dk

> On Mon, 29 Dec 2003, Boris Staeblow wrote:
>
>> On Sunday, 28 December 2003 23:27, Bjoern A. Zeeb wrote:
>>
>> > DNS can also be TCP.
>> > (noted by a colleague who seemed to have a closer look at it).
>>
>> under which circumstances is a DNS TCP connection needed?
>> (I've never used a DNS TCP rule before - without any problem)
>
> If I remember correctly it's RFC 1035 /Transport
>
> --
> Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT
> 56 69 73 69 74                          http://www.zabbadoz.net/
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
> "freebsd-ipfw-unsubscribe@freebsd.org"
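
Added example, not part of the original message or thread: a Python sketch of the RFC 1035 transport rules referred to above, in which a UDP answer larger than 512 bytes comes back with the TC bit set and the client retries over TCP, which fails when the firewall passes only UDP port 53. The function names, the `tcp_allowed` flag and the sample records are constructed for illustration.

```python
import struct

UDP_LIMIT = 512    # RFC 1035 4.2.1: largest DNS message carried over plain UDP
TC_FLAG = 0x0200   # TC (truncation) bit in the header flags word

def build_query(qid, name):
    """Minimal query: header with RD set, one question, type A, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_response(query, addrs):
    """Constructed answer: one A record per address, owner name compressed to 0xC00C."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, *a) for a in addrs)
    return header + query[12:] + rrs

def udp_reply(query, full):
    """Server side over UDP, simplified: an oversized answer goes out empty with TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    qid, flags = struct.unpack("!HH", full[:4])
    return struct.pack("!HHHHHH", qid, flags | TC_FLAG, 1, 0, 0, 0) + query[12:]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """RFC 1035 4.2.2: on TCP every message is prefixed with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]

def resolve(query, full, tcp_allowed):
    """Client side: ask over UDP, retry over TCP if TC is set.
    tcp_allowed (assumption) models whether the firewall passes TCP port 53."""
    reply = udp_reply(query, full)
    if not is_truncated(reply):
        return "udp", reply
    if not tcp_allowed:
        return "failed", None   # truncated answer and no way to fetch the full one
    return "tcp", tcp_unframe(tcp_frame(full))

if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    big = build_response(q, [(192, 0, 2, i) for i in range(40)])  # constructed, 669 bytes
    for allowed in (True, False):
        print("tcp/53 allowed:", allowed, "->", resolve(q, big, allowed)[0])
```
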