[dns-operations] Shameless plug for our Zonecheck software (Was: af.mil DNS issue

Peter Dambier peter at peter-dambier.de
Mon Jul 3 22:02:48 UTC 2006


John Payne wrote:
> On Jul 3, 2006, at 4:21 PM, Stephane Bortzmeyer wrote:
> 
> 
>>On Mon, Jul 03, 2006 at 04:13:24PM -0400,
>> John Payne <john at sackheads.org> wrote
>> a message of 21 lines which said:
>>
>>
>>>If I choose NOT to, I have zero reason for TCP or EDNS0 queries.
>>
>>BTW, I can understand (I did not say "agree") why some people hesitate
>>to allow TCP but what's the problem with EDNS0?
> 
> 
> Why code something I don't have a need for?  Code bloat is never  
> something to be proud of... and leaving unexercised code paths lying  
> around is a time bomb.
> 

I have seen people arguing that UDP is bad. You can fake source addresses
to misuse it for amplification attacks. If DNS was TCP only, there would be
no amplification attacks.

The part I would leave out is AXFR.

The contents of domains like de or fr are a trade secret. That is why almost
nobody allows AXFR. The few who allow it could just use HTML or FTP with
better performance.  :)  :)  :)


I think there is only one good reason to block DNS over TCP:

http://support.microsoft.com/?id=820284

Mail may not be delivered to certain domains if Server OS is Windows Server 2003

CAUSE

This issue occurs if all the following conditions are true:

The DNS computer that your SMTP computer queries to obtain the mail exchanger
(MX) resource records of the destination computer is configured to only accept
User Datagram Protocol (UDP) queries.
...


Cheers
Peter and Karin Dambier

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
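
The mechanics behind the TCP/EDNS0 disagreement in the thread above, as an added example (not part of the original message, and not Zonecheck code): a resolver that only speaks UDP without EDNS0 is limited to 512-byte replies, a server that has to cut a reply back sets the TC bit, and the client is then expected to repeat the query over TCP with the two-byte length prefix. An EDNS0 OPT record lets the client advertise a larger UDP payload instead. Field layouts follow RFC 1035 and the EDNS0 OPT record; the query name and the reply are constructed in-line, and the script touches no network.

```python
"""Minimal DNS wire-format helpers: build a query (optionally with an EDNS0
OPT record), detect the TC bit in a UDP reply, and frame a message for TCP.
Sample messages are constructed in-line; nothing touches the network."""
import struct

QTYPE_MX = 15
TYPE_OPT = 41
CLASSIC_UDP_LIMIT = 512  # RFC 1035 maximum UDP payload without EDNS0


def encode_name(name):
    """Encode 'example.net.' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(msg, off):
    """Offset just past the name at off (a compression pointer is two bytes and ends the name)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def build_query(name, qtype=QTYPE_MX, edns_udp_size=None, msg_id=0x1234):
    """Recursion-desired query; with edns_udp_size an OPT RR is appended that
    advertises the UDP payload size this client can receive."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    msg = header + question
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero), empty RDATA.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return msg


def advertised_udp_payload(msg):
    """UDP payload size the sender of msg accepts: the OPT CLASS field when an
    OPT RR is present in the additional section, else the classic 512 bytes."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return CLASSIC_UDP_LIMIT


def build_reply(query, truncated):
    """Constructed server reply for testing: echo the question with QR=1 and,
    when the full answer did not fit the UDP limit, TC=1 and no records."""
    msg_id = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0200 if truncated else 0)   # QR, RD, RA (+ TC)
    qend = skip_name(query, 12) + 4
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0) + query[12:qend]


def needs_tcp_retry(reply):
    """RFC 1035: a reply with TC set was cut back to fit UDP; repeat over TCP."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & 0x0200)


def tcp_frame(msg):
    """DNS over TCP prefixes each message with its two-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    q = build_query("example.net", edns_udp_size=4096)
    print("EDNS0 query advertises", advertised_udp_payload(q), "bytes")
    print("plain query is limited to", advertised_udp_payload(build_query("example.net")), "bytes")
    if needs_tcp_retry(build_reply(q, truncated=True)):
        print("TC set: re-send over TCP, framed as", tcp_frame(q)[:2].hex(), "+ query")
```

A server that drops TCP or EDNS0 leaves the client with only the first branch of this logic: any MX set that does not fit in 512 bytes comes back truncated, and with TCP refused there is no second step, which is the failure the Microsoft article quoted above describes from the SMTP side.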