using TCP53 for DNS
Florian Weimer
fw at deneb.enyo.de
Tue Apr 26 18:45:16 UTC 2005
* Patrick W. Gilmore:
> At least one DoS mitigation box uses TCP53 to "protect" name
> servers. Personally I thought this was a pretty slick trick, but it
> appears to have caused a lot of problems. From the thread (certainly
> not a scientific sampling), many people seem to be filtering port 53
> TCP to their name servers.
"To their name servers"? I think you mean "from their caching
resolvers to 53/TCP on other hosts".
> Is this common?
Hopefully not. Resolvers MUST be able to make TCP connections to
other name servers.
> Does anyone have stats on this (roots, GTLDs, other big name server
> farms)?
What kind of stats? I might be able to provide some statistics about
TC flag usage, but I doubt that this data is interesting.
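
An added example, not part of the original message: a Python sketch of the fallback the reply refers to, in which a resolver that receives a UDP response with the TC flag set retries the query over 53/TCP using the 2-byte length framing. If the path to 53/TCP is filtered, that retry cannot complete. The sample messages, function names, and transaction ID are constructed for illustration.

```python
import struct

QR_BIT = 0x8000  # message is a response
TC_BIT = 0x0200  # truncation flag in the DNS header flags word (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the message is a response with the TC flag set."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & QR_BIT) and bool(flags & TC_BIT)

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split a TCP byte stream into complete DNS messages plus leftover bytes."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # partial message: wait for more data from the socket
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

def next_step(udp_response):
    """Resolver decision after a UDP reply: accept it or retry over 53/TCP."""
    return "retry-tcp" if is_truncated(udp_response) else "accept"

# Constructed samples: the same question echoed back with different flag words.
QUERY = build_query("example.com")
TRUNCATED = QUERY[:2] + struct.pack("!H", 0x8380) + QUERY[4:]  # QR+TC+RD+RA
NORMAL = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:]     # QR+RD+RA

if __name__ == "__main__":
    for label, msg in (("truncated", TRUNCATED), ("normal", NORMAL)):
        print(label, "->", next_step(msg))
```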