On 8-Aug-2007, at 11:59, Jamie Bowden wrote:
I have a question related to what you posted below, and it's a pretty simple one:
How is answering a query on TCP/53 any MORE dangerous than answering it on UDP/53? Really. I'd like to know how one of these security nitwits justifies it. It's the SAME piece of software answering the query either way.
There are people (I believe; this is a little rumour-laden) who take the approach that 53/tcp is actually safer than 53/udp, since the handshake makes it easier to believe the query's source address. The approach I heard about was to reply to UDP-transport queries with some minimal answer set with TC set, and serve a more useful set of information over TCP once the re-query arrives. [I realise that the state involved in handing TCP queries on a busy server is non-trivial, and that there are many aspects to this approach which deserve raised eyebrows.] However, my point is that "TCP is more secure than UDP" also has a posse. Joe