On Wed, Feb 05, 2003 at 12:52:37PM +0000, Darren Birkett wrote:
>
> . My question is - should I open UDP port 53 or TCP port 53?
>
Yes. Both. There is a myth/misunderstanding that BIND only uses TCP
for "zone transfers" and so TCP/53 is commonly blocked. In actuality,
if the DNS reply is bigger than the payload size of a UDP packet then
BIND will use TCP/53 to transfer the reply. Unfortunately it is
common that TCP/53 is blocked due to the myth/misunderstanding so you
may not gain much by having the port open due to the widespread nature
of the misconfiguration.
-- Brett Lymn

Received on Wed Feb 05 2003 - 16:17:52 MST