[dns-operations] DNS Issue

Edward Lewis ed.lewis at neustar.biz
Mon Apr 29 18:46:36 UTC 2013

On Apr 26, 2013, at 8:24, Cihan SUBASI (GARANTI TEKNOLOJI) wrote:

> Hi,
> Also can someone explain why tcp53 should be allowed on the firewalls if dns is behind a firewall?

In addition to other already posted reasons, TCP isn't susceptible to reflection attacks.  (FWIW.)

> And why auditors do not like tcp53 open to public?

Can't read their minds, but, well, the auditor has at least been misinformed on how DNS works.

Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130429/a117439a/attachment.html>

More information about the dns-operations mailing list