using TCP53 for DNS

Florian Weimer fw at deneb.enyo.de
Tue Apr 26 18:45:16 UTC 2005


* Patrick W. Gilmore:

> At least one DoS mitigation box uses TCP53 to "protect" name
> servers.  Personally I thought this was a pretty slick trick, but it
> appears to have caused a lot of problems.  From the thread (certainly
> not a scientific sampling), many people seem to be filtering port 53
> TCP to their name servers.

"To their name servers"?  I think you mean "from their caching
resolvers to 53/TCP on other hosts".

> Is this common?

Hopefully not.  Resolvers MUST be able to make TCP connections to
other name servers.

> Does anyone have stats on this (roots, GTLDs, other big name server
> farms)?

What kind of stats?  I might be able to provide some statistics about
TC flag usage, but I doubt that this data is interesting.
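The mechanism behind "resolvers MUST be able to make TCP connections" is the TC (truncation) flag: when a UDP reply comes back with TC=1, the resolver repeats the same query over 53/TCP, where each message is prefixed with a 2-byte length. The following is an added example (not part of this NANOG thread) that builds a query, reads the TC flag, frames the message for TCP, and includes a small helper for checking that a path to a server of your own actually permits 53/TCP; the sample reply bytes are constructed here.

```python
import socket
import struct

TC_BIT = 0x0200  # truncation bit in the 16-bit DNS header flags word (RFC 1035)


def build_query(qname, qtype=1, txid=0x1234):
    """Encode a standard recursive query for qname (A record by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(struct.pack("B", len(l)) + l.encode()
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class


def parse_flags(msg):
    """Return (txid, flags) from the first 4 bytes of a DNS message."""
    return struct.unpack("!HH", msg[:4])


def is_truncated(msg):
    """True when the server set TC=1, i.e. the UDP answer was cut short."""
    return bool(parse_flags(msg)[1] & TC_BIT)


def choose_transport(udp_response):
    """A resolver must retry over TCP/53 when TC=1; otherwise the answer stands."""
    return "tcp" if is_truncated(udp_response) else "done"


def frame_for_tcp(msg):
    """DNS over TCP carries each message behind a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message arrived")
        buf += chunk
    return buf


def tcp_query(server, msg, timeout=3.0):
    """Send msg to server on 53/TCP and return the unframed reply. Use it
    against your own resolvers/authoritatives to confirm 53/TCP is not filtered."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_for_tcp(msg))
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)


# Constructed sample reply: same header as the query but flags 0x8380 = QR,TC,RD,RA.
query = build_query("example.com")
truncated_reply = struct.pack("!HH", 0x1234, 0x8380) + query[4:]
```

`choose_transport(truncated_reply)` returns `"tcp"`; a reply with flags 0x8180 (QR,RD,RA) returns `"done"`, and `frame_for_tcp(query)` starts with the 2-byte length 0x001d for this 29-byte query.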
More information about the NANOG mailing list