Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: using TCP53 for DNS

  • From: Florian Weimer
  • Date: Tue Apr 26 14:49:57 2005 
* Patrick W. Gilmore:

> At least one DoS mitigation box uses TCP53 to "protect" name  
> servers.  Personally I thought this was a pretty slick trick, but it  
> appears to have caused a lot of problems.  From the thread (certainly  
> not a scientific sampling), many people seem to be filtering port 53  
> TCP to their name servers.

"To their name servers"?  I think you mean "from their caching
resolvers to 53/TCP on other hosts".

> Is this common?

Hopefully not.  Resolvers MUST be able to make TCP connections to
other name servers.

> Does anyone have stats on this (roots, GTLDs, other big name server
> farms)?

What kind of stats?  I might be able to provide some statistics about
TC flag usage, but I doubt that this data is interesting.


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.