[unisog] DNS over TCP should we block
pmeunier at cerias.purdue.edu
Tue Jan 4 19:31:37 GMT 2005
As a connection's bandwidth is increasingly consumed, DNS over UDP will fail
much sooner than over TCP -- I have experienced this. Why would you want to
block it over TCP?
Purdue University CERIAS
On 1/4/05 2:01 PM, "Vijay S Sarvepalli VSSARVEP" <VSSARVEP at uncg.edu> wrote:
> This may have been discussed already. I think DNS over TCP needs to be
> allowed on the outgoing. I tried to block and log this type of outgoing
> FROM MY SOURCE IP (1023+) => REMOTE SERVERS (53) TCP
> This seems to drop some long reverse DNS lookups and some reverse DNS that
> seems to be carved out less than class C
> for e.g.
> 126.96.36.199.in-addr.arpa. CNAME
> 220-227-customer-700-block-west-singapore .11.13.14.in-addr.arpa
> 220-227-customer-700-block-west-singapore .11.13.14.in-addr.arpa. NS
> These types of queries exceed 512 bytes and require TCP??
> iptables log example from a Linux host running named ->
> IN= OUT=eth0 SRC=X.X.X.X DST=Y.Y.Y.Y LEN=60 TOS=0x00 PREC=0x00 TTL=64
> ID=58067 DF PROTO=TCP SPT=49758 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
> I am not sure; can someone shed light on this?
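The truncation behaviour asked about in the quoted message, as an added example that is not part of the original thread: a reply that does not fit in 512 bytes over UDP comes back with the TC bit set, and the resolver retries over TCP, which is the outgoing SYN to port 53 in the iptables log. Assumptions: no EDNS0, the server drops all records when it truncates (one common behaviour), and the 192.0.2.10 address and example.net names are constructed sample data.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit without EDNS0
TC_BIT = 0x0200   # "truncated" flag in the DNS header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, ptr_targets, txid=0x1234):
    """Build a PTR response carrying one answer per target (constructed data)."""
    question = encode_name(qname) + struct.pack("!HH", 12, 1)  # PTR, IN
    answers = b""
    for target in ptr_targets:
        rdata = encode_name(target)
        answers += (encode_name(qname)
                    + struct.pack("!HHIH", 12, 1, 3600, len(rdata)) + rdata)
    # flags 0x8180: response, recursion desired, recursion available
    header = struct.pack("!6H", txid, 0x8180, 1, len(ptr_targets), 0, 0)
    return header + question + answers

def truncate_for_udp(msg, limit=UDP_LIMIT):
    """Server side: if the reply is too big for UDP, set TC and drop records."""
    if len(msg) <= limit:
        return msg
    txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    pos = 12
    while msg[pos] != 0:          # walk the labels of the question name
        pos += 1 + msg[pos]
    pos += 1 + 4                  # root label, then QTYPE and QCLASS
    header = struct.pack("!6H", txid, flags | TC_BIT, qdcount, 0, 0, 0)
    return header + msg[12:pos]

def needs_tcp_retry(udp_reply):
    """Resolver side: a set TC bit means the query must be repeated over TCP."""
    return bool(struct.unpack("!H", udp_reply[2:4])[0] & TC_BIT)

def sample_reply(n_records):
    """Constructed reverse-lookup reply with n long PTR targets."""
    targets = [f"host{i}-customer-block-west.example.net" for i in range(n_records)]
    return build_response("10.2.0.192.in-addr.arpa", targets)

if __name__ == "__main__":
    for n in (2, 20):
        full = sample_reply(n)
        udp = truncate_for_udp(full)
        print(n, "records:", len(full), "bytes, TCP retry needed:", needs_tcp_retry(udp))
```

If outgoing TCP to port 53 is dropped, the retry in the second case never completes and the lookup fails, even though the short lookup over UDP works.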