[unisog] DNS over TCP should we block
cgaylord at vt.edu
Wed Jan 5 20:59:17 GMT 2005
Leigh Heyman wrote:
> By "requests of unknown origin" did Florian mean requests from outside
> clients to internal resolvers? In that case, queries from your own
> mailservers and webservers wouldn't qualify as "unknown" and therefore
> should still happily use UDP, yes?
Bottom line: if you accept UDP53 from a host, you need to accept TCP53.
Golden Rule of Firewall Configuration: Try not to be stupid.
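
An added example, not part of the original post: a short audit that applies the rule above to a firewall policy and reports every source range that is allowed to reach port 53 over UDP but not over TCP. The rule-tuple format and the addresses (documentation ranges) are constructed for illustration and do not correspond to any particular firewall product.

```python
import ipaddress

# Constructed sample policy: (protocol, destination port, allowed source CIDR).
RULES = [
    ("udp", 53, "192.0.2.0/24"),
    ("tcp", 53, "192.0.2.0/25"),       # together these two /25s cover the /24
    ("tcp", 53, "192.0.2.128/25"),
    ("udp", 53, "198.51.100.25/32"),   # mail server allowed on UDP only
    ("udp", 53, "203.0.113.0/24"),
    ("tcp", 53, "203.0.113.0/26"),     # TCP allowed for only part of the UDP range
    ("tcp", 25, "198.51.100.25/32"),   # unrelated port, must be ignored
]

def allowed(rules, proto, port=53):
    """Return the collapsed list of source networks allowed for proto/port."""
    nets = [ipaddress.ip_network(src)
            for p, prt, src in rules if p == proto and prt == port]
    return list(ipaddress.collapse_addresses(nets))

def udp_without_tcp(rules, port=53):
    """Source ranges that may send UDP to `port` but are not allowed TCP.

    A client whose UDP answer comes back truncated retries over TCP, so each
    range returned here is a place where those retries would be dropped.
    """
    tcp = allowed(rules, "tcp", port)
    gaps = []
    for udp_net in allowed(rules, "udp", port):
        remaining = [udp_net]
        for t in tcp:
            nxt = []
            for r in remaining:
                if r.subnet_of(t):
                    continue                             # fully covered by TCP
                if t.subnet_of(r):
                    nxt.extend(r.address_exclude(t))     # keep the uncovered part
                else:
                    nxt.append(r)                        # disjoint, unchanged
            remaining = nxt
        gaps.extend(ipaddress.collapse_addresses(remaining))
    return sorted(gaps)

if __name__ == "__main__":
    for net in udp_without_tcp(RULES):
        print(f"UDP/53 allowed but TCP/53 missing for {net}")
```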