North American Network Operators Group
Re: using TCP53 for DNS
* Patrick W. Gilmore:

> At least one DoS mitigation box uses TCP53 to "protect" name
> servers. Personally I thought this was a pretty slick trick, but it
> appears to have caused a lot of problems. From the thread (certainly
> not a scientific sampling), many people seem to be filtering port 53
> TCP to their name servers.

"To their name servers"? I think you mean "from their caching
resolvers to 53/TCP on other hosts".

> Is this common?

Hopefully not. Resolvers MUST be able to make TCP connections to
other name servers.

> Does anyone have stats on this (roots, GTLDs, other big name server
> farms)?

What kind of stats? I might be able to provide some statistics about
TC flag usage, but I doubt that this data is interesting.
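
The resolver behaviour discussed in this message, as an added example that is not part of the original post: a UDP reply with the TC flag set makes the resolver retry over 53/TCP, so an outbound filter on 53/TCP turns that reply into a resolution failure. It assumes the mitigation box works by setting TC on UDP replies; the transport callables, sample name and address are constructed, and no real traffic is sent.

```python
import struct

TC_BIT = 0x0200  # TC (truncated) flag in the DNS header flags word, RFC 1035

def build_query(name, txid=0x1234):
    """Encode a one-question A/IN query with RD set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def is_truncated(msg):
    """True when the reply has TC set, i.e. the client must retry over TCP."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(data):
    (length,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]

def resolve(query, udp_send, tcp_send):
    """Try UDP first; on TC fall back to TCP. Transports are injected callables."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    try:
        return "tcp", unframe_tcp(tcp_send(frame_tcp(query)))
    except OSError:
        return "failed", None  # 53/TCP filtered: the name does not resolve

# Constructed stand-ins for the network paths (assumptions, not real servers).
def udp_forces_tcp(query):
    # Echo the question with QR|TC|RD set and no answers.
    return query[:2] + struct.pack("!H", 0x8300) + query[4:]

def tcp_open(framed):
    q = unframe_tcp(framed)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return frame_tcp(q[:2] + struct.pack("!4H", 0x8180, 1, 1, 0) + q[10:] + answer)

def tcp_filtered(framed):
    raise ConnectionRefusedError("53/TCP blocked by outbound filter")
```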