[dns-operations] AWS footnote: DNS firewall rules are UDP only
Jared Mauch
jared at puck.nether.net
Wed Jan 28 21:14:33 UTC 2015
Sadly, there are devices such as the most recent Netgear routers and firmware that block TCP queries as well in the most horrific way, e.g.:
https://www.cloudshark.org/captures/273da18d3057
- Jared
> On Jan 28, 2015, at 3:45 PM, Warren Kumari <warren at kumari.net> wrote:
>
> On Wed, Jan 28, 2015 at 2:28 PM, Fred Morris <m3047 at m3047.net> wrote:
>> I just noticed that when configuring firewall rules for an AWS instance,
>> if "DNS" is chosen then the (only) protocol automagically filled in is
>> UDP.
>>
>> To get TCP, you have to create a custom TCP rule.
>>
>> When you save, the UDP one gets saved as "DNS", the TCP one stays "custom
>> TCP rule".
>>
>
> Well, of course. What did you expect? DNS only uses UDP...
>
>
>
>
>
>
>
> <Warren runs away, giggling manically....>
>
> W
>
>> --
>>
>> Fred Morris
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
> ---maf
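The point buried under the joke above is that a resolver which gets a truncated (TC=1) UDP answer must retry the same query over TCP/53, so a "DNS" rule that only opens UDP, or a middlebox that drops TCP queries, silently breaks large answers. The following is an added example, not code from the thread or from AWS: it builds a wire-format DNS query, frames it with the 2-byte length prefix TCP DNS requires, and classifies a response by its TC bit. The sample responses are constructed in-line; the `probe()` function is optional and only runs if you point it at a resolver of your own (the `RESOLVER` address is a placeholder).

```python
"""DNS over UDP vs TCP: why a UDP-only port-53 rule is not enough.

Builds a query, frames it for TCP (RFC 1035 section 4.2.2: 2-byte big-endian
length prefix), and checks the TC (truncation) flag that tells a client it must
retry over TCP. Offline-testable; the live probe at the bottom is optional.
"""
import socket
import struct

# Placeholder resolver address for the optional live probe (not from the thread).
RESOLVER = "192.0.2.53"

FLAG_QR = 0x8000  # response
FLAG_TC = 0x0200  # truncated: retry over TCP
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Return a minimal DNS query (no EDNS, so UDP answers are capped at 512 bytes)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class
    return header + question


def frame_tcp(msg: bytes) -> bytes:
    """Prefix a DNS message with its length, as required on a TCP stream."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> bytes:
    """Strip the TCP length prefix and return exactly one DNS message."""
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


def parse_flags(msg: bytes) -> dict:
    """Decode the header fields a client needs to decide what to do next."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "ancount": an,
    }


def needs_tcp_retry(response: bytes) -> bool:
    """True when the UDP answer was truncated and must be re-asked over TCP."""
    return parse_flags(response)["tc"]


def make_response(query: bytes, truncated: bool) -> bytes:
    """Constructed sample: echo the question back with response flags set."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


def probe(server: str, qname: str, timeout: float = 3.0) -> dict:
    """Ask the same question over UDP and TCP; report which paths work.

    A result of udp_ok=True, tc=True, tcp_ok=False is exactly the failure mode
    a UDP-only firewall rule (or a TCP-dropping CPE router) produces.
    """
    query = build_query(qname)
    result = {"udp_ok": False, "tc": None, "tcp_ok": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(query, (server, 53))
            answer, _ = udp.recvfrom(4096)
            result["udp_ok"] = parse_flags(answer)["qr"]
            result["tc"] = needs_tcp_retry(answer)
    except OSError:
        pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(frame_tcp(query))
            head = tcp.recv(2)
            (length,) = struct.unpack("!H", head)
            body = b""
            while len(body) < length:
                chunk = tcp.recv(length - len(body))
                if not chunk:
                    break
                body += chunk
            result["tcp_ok"] = len(body) == length and parse_flags(body)["qr"]
    except OSError:
        pass
    return result


if __name__ == "__main__":
    print(probe(RESOLVER, "example.com"))
```

Run it against the resolver you actually use from the instance; if the UDP answer comes back with `tc=True` and `tcp_ok=False`, the security group (or something on the path, like the router in Jared's capture) is the thing to fix, not the resolver.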