On Mon, 7 Jun 2004, Theo Van Dinter wrote:
On Mon, Jun 07, 2004 at 02:27:10PM -0700, Michel Py wrote:
I wrote "queries", not "transfers". To begin with, I looked at customers
access-lists this morning WRT DNS and I have not found a single one that
allowed DNS over TCP except for a little number of other DNS servers
that are known to transfer zones with the DNS server protected by the
So all of their firewalls are broken. Gotcha. :)
And this isn't a big issue. Any firewall that doesn't allow TCP DNS is
probably one someone has set up manually. And that means they'll know how
to fix it when it breaks something.