Re: Question to the list
From: Men & Mice Support
Date: Wednesday, April 26, 2000
Time: 1:26:14 pm

At 2:42 PM -0500 4/26/00, Jerry Pasker-Systems Admin. wrote:
>Can anyone think of a reason to allow any TCP access on my QDNS server? I
>was thinking of blocking all TCP at my border router, since no zone
>transfers go off my local area network. A SYN flood to port 53 isn't
>healthy to QDNS Pro. And my QDNS Pro server has been crashing randomly
>during the past several months. It'll be fine for weeks, and then go down
>20 times in a couple of hours. My instincts tell me that it's a hacker
>attack (some script kiddie trying to install a root-kit on my iMac? ;-)
>
>A SYN flood to TCP port 53 is handled quite well during the attack, but is
>followed up (about 30 minutes to 1 hour later) by a severe Mac-locking
>crash.
>
>I realize that I need port 53 UDP open to the world, but do any modern
>resolvers use TCP and not UDP to do DNS lookups to other DNS servers?
Yes, they do. If a query sent over UDP fails, it is repeated on TCP.
If you block TCP, when your bandwidth gets filled up, you'll lose
incoming DNS queries and will essentially disappear off the net. :)
____________________________________________________________________
Chris Buxton cbuxton@menandmice.com
Men & Mice http://www.menandmice.com
Makers of: QuickDNS Pro
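The UDP-then-TCP retry the reply describes, as an added example that is not part of the original post and is not QuickDNS code: in the DNS protocol a server whose reply does not fit in a UDP message sets the TC (truncated) bit in the header (RFC 1035 section 4.1.1), and the resolver repeats the same query over TCP, where each message is framed with a 2-byte length prefix (RFC 1035 section 4.2.2). Everything below is self-contained and runs offline: fake_server is a constructed stand-in for an authoritative server, resolve is the client-side decision, the query name www.example.com and the 512-byte limit (no EDNS0) are assumptions. It also exercises the failure mode in the reply: with TCP/53 blocked, a truncated answer can never be completed and the lookup fails.

```python
import struct

DNS_UDP_MAX = 512  # classic UDP payload limit without EDNS0 (RFC 1035 2.3.4)
FLAG_QR = 0x8000   # response
FLAG_TC = 0x0200   # truncated
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234):
    """Build a standard recursive query for qname/qtype, class IN."""
    header = struct.pack("!6H", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into a dict (flags and section counts)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with its length as a 2-byte big-endian int."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Strip the 2-byte length prefix and return the first message in the stream."""
    (length,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated TCP DNS frame")
    return body


def fake_server(query, transport, n_records):
    """Constructed authoritative server (hypothetical, not QuickDNS): answers the
    query with n_records A records. Over UDP, if the reply would exceed 512 bytes,
    it returns only header + question with TC set, as RFC 1035 requires."""
    qhdr = parse_header(query)
    question = query[12:]  # single question, echoed back unchanged
    rr = b""
    for i in range(n_records):
        # name = compression pointer to offset 12 (the question name),
        # type A, class IN, TTL 60, RDLENGTH 4, then a constructed 10.0.x.y address
        rr += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        rr += bytes([10, 0, (i >> 8) & 0xFF, i & 0xFF])
    flags = FLAG_QR | FLAG_RD | FLAG_RA
    full = struct.pack("!6H", qhdr["id"], flags, 1, n_records, 0, 0) + question + rr
    if transport == "udp" and len(full) > DNS_UDP_MAX:
        return struct.pack("!6H", qhdr["id"], flags | FLAG_TC, 1, 0, 0, 0) + question
    if transport == "tcp":
        return frame_for_tcp(full)
    return full


def resolve(query, tcp_allowed, n_records):
    """Resolver-side logic: send over UDP, retry over TCP only if TC is set.
    Returns (response, transport used); raises ConnectionError if TCP is blocked."""
    udp_resp = fake_server(query, "udp", n_records)
    hdr = parse_header(udp_resp)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("transaction id mismatch")
    if not hdr["tc"]:
        return udp_resp, "udp"
    if not tcp_allowed:
        raise ConnectionError("response truncated but TCP/53 is blocked; lookup fails")
    tcp_resp = unframe_tcp(fake_server(query, "tcp", n_records))
    return tcp_resp, "tcp"


def simulate(n_records, tcp_allowed):
    """Run one lookup against the fake server; return 'udp', 'tcp' or 'failed'."""
    query = build_query("www.example.com")
    try:
        _, transport = resolve(query, tcp_allowed, n_records)
    except ConnectionError:
        return "failed"
    return transport


if __name__ == "__main__":
    for n, tcp_ok in ((5, True), (40, True), (40, False)):
        state = "open" if tcp_ok else "blocked"
        print(f"{n:2d} A records, TCP/53 {state}: {simulate(n, tcp_ok)}")
```

A small answer (5 records) completes over UDP; a large one (40 records, 673 bytes) comes back from UDP with TC set and ANCOUNT 0, so the resolver repeats it over TCP and gets the full answer set. With TCP filtered at the border, that same lookup fails, which is the practical cost of dropping TCP/53 rather than rate-limiting it.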