[unisog] DNS over TCP should we block

Pascal Meunier pmeunier at cerias.purdue.edu
Tue Jan 4 19:31:37 GMT 2005


As a connection's bandwidth is increasingly consumed, DNS over UDP will fail
much sooner than over TCP -- I have experienced this.  Why would you want to
block it over TCP?

Cheers,
Pascal Meunier
Purdue University CERIAS


On 1/4/05 2:01 PM, "Vijay S Sarvepalli VSSARVEP" <VSSARVEP at uncg.edu> wrote:

> This may have been discussed already.  I think DNS over TCP needs to be
> allowed on the outgoing side.  I tried to block and log this type of outgoing
> query:
> FROM MY SOURCE IP (1023+) => REMOTE SERVERS (53) TCP
> 
> This seems to drop some long reverse DNS lookups and some reverse DNS that
> seems to be carved out at less than a class C,
> for e.g.
> 
> 220.11.13.144.in-addr.arpa.     CNAME
> 220-227-customer-700-block-west-singapore .11.13.14.in-addr.arpa
> 220-227-customer-700-block-west-singapore .11.13.14.in-addr.arpa.   NS
> nsab.teledyne.com
> 
> These types of queries exceed 512 bytes and require TCP??
> iptables log example from a Linux host running named ->
> IN= OUT=eth0 SRC=X.X.X.X DST=Y.Y.Y.Y LEN=60 TOS=0x00 PREC=0x00 TTL=64
> ID=58067 DF PROTO=TCP SPT=49758 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
> 
> I am not sure; can someone shed light on this?
> 
> Vijay
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

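The mechanism behind the thread, as an added example that is not part of either post: a resolver sends a query over UDP, and when the answer would exceed the 512-byte UDP payload limit of RFC 1035 the server sets the TC (truncated) bit, so the client retries the same query over TCP with the 2-byte length prefix that DNS-over-TCP uses. The UDP and TCP replies below are constructed in-line (no network); the PTR name is the one from the quoted message, and the outbound TCP SYN to port 53 this fallback produces is exactly what the quoted iptables line logged.

```python
import struct

# RFC 1035: a DNS message over UDP (without EDNS0) is limited to 512 bytes;
# a server that must cut the answer sets TC and the client retries over TCP.
UDP_MAX_PAYLOAD = 512
TC_FLAG = 0x0200      # TC is bit 6 of the 16-bit flags word
QTYPE_PTR = 12

def build_query(name, qtype=QTYPE_PTR, txid=0x1234):
    """Encode a minimal DNS query (12-byte header + one question) on the wire."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def is_truncated(udp_response):
    """True when the server set TC, i.e. the full answer did not fit in UDP."""
    flags = struct.unpack("!H", udp_response[2:4])[0]
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with its length, big-endian 16-bit."""
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split a TCP byte stream into whole DNS messages; return (msgs, leftover)."""
    messages = []
    while len(stream) >= 2:
        length = struct.unpack("!H", stream[:2])[0]
        if len(stream) < 2 + length:
            break                      # partial message, wait for more bytes
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

def resolve_with_fallback(query, udp_send, tcp_send):
    """Model a stub resolver: UDP first, retry over TCP only when TC is set."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return reply, "udp"
    messages, _ = unframe_tcp(tcp_send(frame_for_tcp(query)))
    return messages[0], "tcp"

# Constructed sample traffic (assumed, not captured): the UDP reply carries the
# header with QR|TC|RD|RA (0x8380) and no answer; the TCP reply is the full,
# over-512-byte message (QR|RD|RA = 0x8180, padded to stand in for the RRs).
QUERY = build_query("220.11.13.144.in-addr.arpa")
TRUNCATED_UDP = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
FULL_ANSWER = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:] + b"\x00" * 600

def demo():
    """Run the fallback against the constructed replies; returns (reply, path)."""
    return resolve_with_fallback(QUERY, lambda q: TRUNCATED_UDP,
                                 lambda framed: frame_for_tcp(FULL_ANSWER))
```

A firewall rule that drops new outbound TCP/53 connections breaks exactly the second leg of this exchange, which is why large reverse-DNS answers fail while ordinary short lookups keep working.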