26 Apr
2005
2:45 p.m.
* Patrick W. Gilmore:
At least one DoS mitigation box uses TCP53 to "protect" name servers. Personally I thought this was a pretty slick trick, but it appears to have caused a lot of problems. From the thread (certainly not a scientific sampling), many people seem to be filtering port 53 TCP to their name servers.
"To their name servers"? I think you mean "from their caching resolvers to 53/TCP on other hosts".
Is this common?
Hopefully not. Resolvers MUST be able to make TCP connections to other name servers.
Does anyone have stats on this (roots, GTLDs, other big name server farms)?
What kind of stats? I might be able to provide some statistics about TC flag usage, but I doubt that this data is interesting.
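The point the reply makes, that a resolver which gets a truncated UDP answer must be able to repeat the query over TCP/53, and what a filter on that port looks like from the resolver's side, as an added example that is not part of the thread. It builds a minimal DNS query, checks the TC bit of the UDP response, re-sends the query with the 2-octet TCP length prefix, and reports SERVFAIL when the TCP leg is unreachable. The transports, the sample A record (192.0.2.1) and the "server" behaviours are constructed so it runs offline; `tc_ratio` is a hypothetical helper for the kind of TC-flag statistic mentioned above.

```python
import struct

# DNS header flag bits, RFC 1035 section 4.1.1
QR = 0x8000   # response
TC = 0x0200   # truncated: the answer did not fit in the UDP datagram
RD = 0x0100   # recursion desired
RA = 0x0080   # recursion available

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: one question (QTYPE default A=1, QCLASS IN=1), RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-octet length (RFC 1035 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream):
    """Split a TCP byte stream into complete DNS messages; returns (messages, leftover)."""
    msgs = []
    while len(stream) >= 2:
        n = struct.unpack("!H", stream[:2])[0]
        if len(stream) < 2 + n:
            break
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

def resolve(query, udp_send, tcp_send):
    """Resolver side: ask over UDP; if the answer carries TC, repeat over TCP.
    udp_send/tcp_send are injected transport callables (assumption: lets this run
    offline). Returns (message or None, how it was obtained)."""
    resp = udp_send(query)
    hdr = parse_header(resp)
    if hdr["id"] != parse_header(query)["id"]:
        return None, "servfail: transaction id mismatch"
    if not hdr["tc"]:
        return resp, "udp"
    try:
        stream = tcp_send(frame_for_tcp(query))
    except OSError as e:
        # A firewall dropping TCP/53 looks exactly like this from the resolver.
        return None, "servfail: truncated over UDP and TCP/53 unreachable (%s)" % e
    msgs, _ = unframe_tcp(stream)
    if not msgs or parse_header(msgs[0])["id"] != hdr["id"]:
        return None, "servfail: bad TCP response"
    return msgs[0], "tcp"

def tc_ratio(responses):
    """Share of responses with TC set (hypothetical helper for TC-flag statistics)."""
    if not responses:
        return 0.0
    return sum(1 for r in responses if parse_header(r)["tc"]) / len(responses)

# --- Constructed sample server behaviour, not captured traffic ---------------

def make_response(query, flags, answers=b"", ancount=0):
    """Echo the question section of the query and append the given answer RRs."""
    txid = parse_header(query)["id"]
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    return header + query[12:] + answers

# One A RR: name pointer to offset 12 (the question name), type A, class IN,
# TTL 300, rdlength 4, rdata 192.0.2.1 (documentation address, constructed).
SAMPLE_A_RR = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])

def udp_truncating(query):
    """Server whose UDP answer does not fit: QR|TC|RD|RA with an empty answer section."""
    return make_response(query, QR | TC | RD | RA)

def tcp_ok(framed_query):
    """Server reachable on TCP/53: returns the full answer, TCP-framed."""
    (query,), _ = unframe_tcp(framed_query)
    return frame_for_tcp(make_response(query, QR | RD | RA, SAMPLE_A_RR, 1))

def tcp_filtered(framed_query):
    """What a filter dropping TCP/53 looks like to the resolver: the connect never completes."""
    raise OSError("connection timed out")

if __name__ == "__main__":
    q = build_query("example.com.")
    print(resolve(q, udp_truncating, tcp_ok)[1])
    print(resolve(q, udp_truncating, tcp_filtered)[1])
```

Running it prints `tcp` for the reachable server and a `servfail: ...` line for the filtered one: the resolver got a valid but truncated UDP answer and had no way to fetch the rest, which is the failure the thread describes.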