-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bill Owens wrote:
On Fri, Jun 13, 2008 at 02:14:55PM -0400, Jon Kibler wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Price wrote: <SNIP>
From what I have read, public DNS servers should support both UDP and TCP queries. TCP queries are often used when a UDP query fails, or if the answer is over a certain length.
UDP is used for queries.
TCP is used for zone transfers.
If my server responded to TCP queries from anyone other than a secondary server, I would be VERY concerned.
Red alert:
[cookiemonster:~] owens% dig +tcp aset.com @209.190.93.130 soa
; <<>> DiG 9.4.2 <<>> +tcp aset.com @209.190.93.130 soa ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5864 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2 ;; WARNING: recursion requested but not available
;; QUESTION SECTION: ;aset.com. IN SOA
;; ANSWER SECTION: aset.com. 14400 IN SOA ns1.sims.net. hostmaster.aset.com. 2006111001 10800 3600 3600000 86400
;; AUTHORITY SECTION: aset.com. 14400 IN NS ns3.trustns.net. aset.com. 14400 IN NS ns1.sims.net. aset.com. 14400 IN NS ns1.trustns.net. aset.com. 14400 IN NS ns2.sims.net. aset.com. 14400 IN NS ns2.trustns.net.
;; ADDITIONAL SECTION: ns1.sims.net. 86400 IN A 209.190.93.130 ns2.sims.net. 86400 IN A 209.190.93.132
;; Query time: 31 msec ;; SERVER: 209.190.93.130#53(209.190.93.130) ;; WHEN: Fri Jun 13 14:31:13 2008 ;; MSG SIZE rcvd: 211
UGH. Apparently hosting provider must have messed with IPTABLES on that system. Thanks for the heads up. (Open mouth, insert foot.) Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSww0ACgkQUVxQRc85QlNk5wCfZT8s3CYDjb3lj86xU/k1N2+m 1O8AnAuSLaFthAwmBwUAmNS0MePFo/SF =/Ol5 -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.