Yes, I am confirming this. Zone transfer uses TCP/53, while queries use UDP/53.
Regards, Leonard Ong Network Security Specialist, APAC NOKIA Email. [EMAIL PROTECTED] Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 -----Original Message----- From: ext Daniel Miessler [mailto:danielrm26@;hotmail.com] Sent: Friday, November 01, 2002 1:20 AM To: 'Carl R Diliberto'; 'security-basics' Subject: RE: TCP DNS requests Zone Transfers use TCP instead of UDP on port 53. That is most likely what you are seeing. --Daniel > We are reporting TCP based DNS requests to one of our DNS servers coming > from internal, client IP addresses. My manager would like to block the TCP > packets. What or why would their be random TCP packets? We monitored > several clients and it appears it only needs UDP.