UDP open ports [was: ubuntu-devel Digest, Vol 23, Issue 16]
Matthew Palmer
mpalmer at hezmatt.org
Wed Jul 5 03:43:31 BST 2006
On Wed, Jul 05, 2006 at 03:08:07AM +0100, Scott James Remnant wrote:
> On Wed, 2006-07-05 at 11:40 +1000, Matthew Palmer wrote:
>
> > On Tue, Jul 04, 2006 at 08:55:54PM -0400, Ivan Krstic wrote:
> > > Dan Kegel wrote:
> > > > I wonder how practical it would be to get glibc to use tcp for
> > > > DNS requests...
> > >
> > > Not an option; many sites only allow AXFRs via TCP/53.
> >
> > Then those sites are broken. A DNS server must allow TCP/53 for responses
> > which are larger than a single UDP packet.
> >
> But I do not believe they must allow TCP/53 for responses that are
> SMALLER than a single UDP packet.
I'd love to see the firewall rules on *that* one... <grin> Does BIND have a
"reject unsolicited TCP DNS requests" option? I've certainly never seen one
(although that's not definitive; I tend to find options by grep rather than
by an exhaustive reading of named.conf(5)).
- Matt
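As an added example (not code from this thread or from glibc/BIND), here is the resolver-side rule the TCP/53 point rests on: a UDP answer that comes back with the TC (truncated) flag set must be re-sent over TCP, framed with a two-byte length prefix, so a firewall that drops TCP/53 breaks resolution of any answer larger than one datagram. Function names and the sample packets are constructed for illustration.

```python
import struct
from typing import Optional

# Hypothetical helper names; the sample messages below are constructed, not captured.
QR, TC = 0x8000, 0x0200  # header flag bits, RFC 1035 section 4.1.1

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query (QTYPE 1 = A, class IN) with only RD set."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response: bytes) -> bool:
    """True when the server answered (QR) but set TC: the reply did not fit one UDP datagram."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & QR) and bool(flags & TC)

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def needs_tcp_retry(query: bytes, udp_response: bytes) -> Optional[bytes]:
    """Return the TCP-framed query to resend if the UDP answer was truncated, else None."""
    if udp_response[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return frame_for_tcp(query) if is_truncated(udp_response) else None

# Constructed samples: the query echoed back with QR|RD|RA|TC and no records (0x8380),
# and a complete answer (0x8180) carrying one A record pointing at a documentation address.
QUERY = build_query("example.com")
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print("truncated reply -> retry over TCP:", needs_tcp_retry(QUERY, TRUNCATED) is not None)
    print("complete reply  -> retry over TCP:", needs_tcp_retry(QUERY, COMPLETE) is not None)
```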