[unisog] DNS over TCP should we block
Vijay S Sarvepalli VSSARVEP
VSSARVEP at uncg.edu
Tue Jan 4 19:01:30 GMT 2005
This may have been discussed already. I think DNS over TCP needs to be
allowed on the outgoing. I tried to block and log this type of outgoing:

FROM MY SOURCE IP (1023+) => REMOTE SERVERS (53) TCP

This seems to drop some long reverse DNS lookups and some reverse DNS that
seems to be carved out less than a class C:

220-227-customer-700-block-west-singapore.11.13.14.in-addr.arpa. NS

These types of queries exceed 512 bytes and require TCP??

iptables log example from a Linux host running named:

IN= OUT=eth0 SRC=X.X.X.X DST=Y.Y.Y.Y LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=58067 DF PROTO=TCP SPT=49758 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0

I am not sure; can someone shed light on this?
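
Added example, not part of the original post: when a reply does not fit in a 512-byte UDP message, the server sets the TC bit in the DNS header and the resolver repeats the query over TCP, which produces a SYN like the one logged above. The function names and the two sample headers are constructed for illustration; the log entry is the one from the post.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # response was truncated to fit the UDP limit

def needs_tcp_retry(udp_payload: bytes) -> bool:
    """True when a UDP DNS response carries the TC (truncated) bit."""
    if len(udp_payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _msg_id, flags = struct.unpack("!HH", udp_payload[:4])
    return bool(flags & QR_FLAG) and bool(flags & TC_FLAG)

def is_dns_tcp_syn(log_line: str) -> bool:
    """True for an iptables LOG entry that is a new TCP connection
    from an unprivileged source port to destination port 53."""
    tokens = log_line.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}  # bare words: DF, SYN, ...
    return (fields.get("PROTO") == "TCP"
            and fields.get("DPT") == "53"
            and fields.get("SPT", "").isdigit()
            and int(fields["SPT"]) > 1023
            and "SYN" in flags and "ACK" not in flags)

# Constructed 12-byte DNS headers (ID, flags, QD/AN/NS/AR counts).
TRUNCATED = struct.pack("!6H", 0x1A2B, 0x8380, 1, 0, 0, 0)  # QR|TC|RD|RA
COMPLETE = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)   # QR|RD|RA

# The log entry from the post, joined onto one line.
LOG_LINE = ("IN= OUT=eth0 SRC=X.X.X.X DST=Y.Y.Y.Y LEN=60 TOS=0x00 PREC=0x00 "
            "TTL=64 ID=58067 DF PROTO=TCP SPT=49758 DPT=53 WINDOW=5840 "
            "RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    print("truncated reply -> retry over TCP:", needs_tcp_retry(TRUNCATED))
    print("complete reply  -> retry over TCP:", needs_tcp_retry(COMPLETE))
    print("logged packet is a DNS-over-TCP SYN:", is_dns_tcp_syn(LOG_LINE))
```

Dropping the packets that `is_dns_tcp_syn` matches leaves the resolver with only the truncated UDP answer, which is consistent with the failed long reverse lookups described in the post.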