* Patrick W. Gilmore:

> At least one DoS mitigation box uses TCP53 to "protect" name
> servers. Personally I thought this was a pretty slick trick, but it
> appears to have caused a lot of problems. From the thread (certainly
> not a scientific sampling), many people seem to be filtering port 53
> TCP to their name servers.

"To their name servers"? I think you mean "from their caching
resolvers to 53/TCP on other hosts".

> Is this common?

Hopefully not. Resolvers MUST be able to make TCP connections to
other name servers.

> Does anyone have stats on this (roots, GTLDs, other big name server
> farms)?

What kind of stats? I might be able to provide some statistics about
TC flag usage, but I doubt that this data is interesting.
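
Added example, not part of the original message: one way to gather the TC flag statistics mentioned above is to parse the DNS header of captured UDP responses and count those with TC set, since each of them obliges the resolver to retry over 53/TCP. The messages, names and helper functions below are constructed for illustration.

```python
import struct
from collections import Counter

QR, TC = 0x8000, 0x0200  # DNS header flag bits (RFC 1035, section 4.1.1)

def build_message(qname, flags, msg_id=0x1234):
    """Constructed sample data: DNS header plus one A/IN question."""
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(msg):
    """Return (qname, truncated) for a response, None for queries or malformed data."""
    if len(msg) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & QR or qdcount < 1:
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0 or pos + 1 + n > len(msg):  # pointer/reserved bits or overrun
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos >= len(msg):  # ran off the end without a root label
        return None
    return ".".join(labels), bool(flags & TC)

def tc_stats(messages):
    """Count complete vs. truncated responses and list names needing a TCP retry."""
    counts, retry = Counter(), []
    for m in messages:
        parsed = parse_response(m)
        if parsed is None:
            counts["skipped"] += 1
        elif parsed[1]:
            counts["truncated"] += 1
            retry.append(parsed[0])
        else:
            counts["complete"] += 1
    return counts, retry

SAMPLE = [  # constructed messages, not real traffic
    build_message("example.com", QR),
    build_message("example.net", QR | TC),
    build_message("example.org", QR | TC),
    build_message("example.com", 0),   # a query, not a response
    b"\x12\x34\x82",                   # too short to be a DNS header
]

if __name__ == "__main__":
    print(tc_stats(SAMPLE))
```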