On Tue, Jun 20, 2006 at 10:53:00AM -0700, Wolfgang S. Rupprecht wrote:
> "Dan Farrell" <[EMAIL PROTECTED]> writes:
> > Correct me if I'm wrong (and I usually am) but I thought DNS (and named
> > specifically) only used tcp connections for zone transfers.
>
> Last time I looked named used TCP any time a packet needed to be
> fragmented due to size. It is highly unlikely that the OP will have a
> fully functional system after turning off 53/tcp to named traffic.
>
> -wolfgang
>
As long as you don't do zone transfers or need large records, it doesn't matter that much.

[EMAIL PROTECTED]:~$ sudo pfctl -vs rules | grep -A 1 domain
pass in on vr0 inet proto tcp from <dns> to 10.0.0.1 port = domain keep state
  [ Evaluations: 89        Packets: 0         Bytes: 0           States: 0     ]
pass in on vr0 inet proto udp from <dns> to 10.0.0.1 port = domain keep state
  [ Evaluations: 17860     Packets: 11257     Bytes: 1047939     States: 0     ]

Tobias
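The mechanism behind the "large records" caveat above, as an added example that is not part of this thread: a reply that does not fit the UDP payload comes back with the TC (truncated) flag set, and the client must repeat the query over TCP, where each DNS message is prefixed with a 2-byte length. The two response headers below are constructed samples; a real resolver's traffic would show the same flag and framing.

```python
import struct

# Constructed sample headers (RFC 1035 s4.1.1 layout):
# ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
# 0x8380 = QR|TC|RD|RA: the answer did not fit, retry over TCP.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
# 0x8180 = QR|RD|RA: complete answer, UDP was enough.
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)


def is_truncated(msg: bytes) -> bool:
    """Return True when the TC flag (bit 0x0200 of the flags word) is set."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & 0x0200)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal class-IN query for `name` (qtype 1 = A), RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_for_tcp(msg: bytes) -> bytes:
    """Over TCP a DNS message carries a 2-byte big-endian length prefix
    (RFC 1035 s4.2.2); the UDP form has no such prefix."""
    return struct.pack("!H", len(msg)) + msg


def next_transport(udp_reply: bytes) -> str:
    """What a client has to do after this UDP reply: stay on UDP or retry on TCP.
    If 53/tcp is filtered, the 'tcp' case is where resolution fails."""
    return "tcp" if is_truncated(udp_reply) else "udp"


if __name__ == "__main__":
    q = build_query("example.com")
    print("udp query bytes:", len(q), "tcp-framed bytes:", len(frame_for_tcp(q)))
    for label, reply in (("truncated", TRUNCATED_RESPONSE), ("complete", COMPLETE_RESPONSE)):
        print(label, "->", next_transport(reply))
```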