From: Frank Knobbe (fknobbeknobbeits.com)
Date: Mon Jun 10 2002 - 21:24:27 CDT

    On Mon, 2002-06-10 at 09:02, Ed Schmollinger wrote:
    > No, they can't filter port 53/tcp if they expect zone transfers or large
    > responses to work. Being authoritative is independent of the query
    > mechanism. RFC compliance requires that TCP support be present, but for
    > most setups, it can be safely disabled (via FW rules or whatever) for
    > non-secondaries. The security (conscious|zealots) like to disable TCP
    > because it's harder to get an interactive shell on a machine if you can
    > only talk to it through UDP.

    I don't want to drift further off-topic, but appending -u to netcat
    isn't that much harder...

    Regards,
    Frank
