North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: large organization nameservers sending icmp packets to dns servers.
On 8-Aug-2007, at 11:59, Jamie Bowden wrote: I have a question related to what you posted below, and it's a pretty simple one: There are people (I believe; this is a little rumour-laden) who take the approach that 53/tcp is actually safer than 53/udp, since the handshake makes it easier to believe the query's source address. The approach I heard about was to reply to UDP-transport queries with some minimal answer set with TC set, and serve a more useful set of information over TCP once the re-query arrives. [I realise that the state involved in handing TCP queries on a busy server is non-trivial, and that there are many aspects to this approach which deserve raised eyebrows.] However, my point is that "TCP is more secure than UDP" also has a posse. Joe
|