Date: Mon, 23 Aug 1999 15:09:12 -0600
From: Nate Williams <nate@mt.sri.com>
To: sthaug@nethelp.no
Cc: freebsd@gndrsh.dnsmgr.net, nate@mt.sri.com, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW/DNS rules
Message-ID: <199908232109.PAA02237@mt.sri.com>
In-Reply-To: <596.935442110@verdi.nethelp.no>
References: <199908232053.NAA36241@gndrsh.dnsmgr.net> <596.935442110@verdi.nethelp.no>

> > DNS queries and replies are usually done using udp, if and only if a udp
> > query fails will a client even try a tcp query. You can safely block
> > tcp queries, there just shouldn't really be any.
>
> Life isn't that simple, unfortunately. There are some clients out there
> that use TCP on a regular basis - early versions of a well known Internet
> "server in a box" system based on FreeBSD, for instance :-)
>
> Blocking TCP queries is not recommended.

I may just 'log' TCP queries then, to see what's what. If I never get
any hits, I will probably later on block them.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
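
Added example, not part of the original message: one way to carry out the "log first, block later" plan is to tally which sources actually send TCP to port 53 from the firewall log before writing a deny rule. The log line layout, rule numbers, host name, interface and addresses below are constructed assumptions, not values from this thread.

```python
import re
from collections import Counter

# Assumed ipfw syslog layout (an assumption, not taken from the thread):
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 23 15:01:02 gw /kernel: ipfw: 1000 Accept TCP 192.0.2.10:1045 198.51.100.53:53 in via fxp0
Aug 23 15:01:07 gw /kernel: ipfw: 1000 Accept TCP 192.0.2.10:1046 198.51.100.53:53 in via fxp0
Aug 23 15:02:11 gw /kernel: ipfw: 1000 Accept TCP 203.0.113.7:3301 198.51.100.53:53 in via fxp0
Aug 23 15:02:30 gw /kernel: ipfw: 1100 Accept TCP 203.0.113.7:3302 198.51.100.53:25 in via fxp0
Aug 23 15:03:00 gw /kernel: ipfw: 65000 Deny UDP 203.0.113.9:53 198.51.100.53:1024 in via fxp0
Aug 23 15:03:05 gw /kernel: fxp0: link state changed
"""


def tcp_dns_clients(log_text, dns_port=53):
    """Count logged inbound TCP packets to dns_port, keyed by source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        if m["proto"] != "TCP" or m["dir"] != "in":
            continue  # UDP traffic or outbound packets
        if int(m["dport"]) != dns_port:
            continue  # TCP to some other service
        hits[m["src"]] += 1
    return hits


def safe_to_block(log_text):
    """True only if the logging period produced no TCP DNS hits at all."""
    return not tcp_dns_clients(log_text)


if __name__ == "__main__":
    for src, count in tcp_dns_clients(SAMPLE_LOG).most_common():
        print(f"{src}\t{count}")
```
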