TLD Survey: Risks
Closed to TCP Queries, Conclusion
- Under no circumstances should you ever block TCP queries to port 53.
- If you want to secure your machines against AXFR/IXFR from unauthorized sources, use the protections built into your name server software to restrict these queries to specific IP addresses (or ranges) and/or cryptographic keys.
- If your name server software does not support TCP queries by default, configure it so that it handles them correctly.
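
A check an operator can run against their own name server to confirm both conclusions at once: ordinary queries are answered over TCP port 53, while AXFR from a host that is not an authorized secondary is denied. This is an added example, not part of the survey; the function names are hypothetical, and the server address and zone are supplied by the operator.

```python
import socket
import struct

QTYPE_SOA, QTYPE_AXFR = 6, 252
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}

def build_query(zone, qtype, msg_id=0x1234):
    """Build a DNS query in wire format (RFC 1035), class IN."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    labels = [p.encode("ascii") for p in zone.strip(".").split(".") if p]
    qname = b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(message)) + message

def classify(response, qtype):
    """Turn a raw reply (length prefix removed) into an audit finding."""
    if len(response) < 12:  # connection closed without a full header
        return ("OK: transfer denied (connection closed)" if qtype == QTYPE_AXFR
                else "FAIL: no answer over TCP")
    flags, _qd, ancount = struct.unpack("!HHH", response[2:8])
    rcode = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    answered = rcode == "NOERROR" and ancount > 0
    if qtype == QTYPE_AXFR:
        return ("FAIL: transfer allowed from this source" if answered
                else "OK: transfer denied (%s)" % rcode)
    return "OK: answered over TCP" if answered else "WARN: TCP reply %s" % rcode

def probe(server, zone, qtype, timeout=5.0):
    """Send one query to TCP port 53 and classify the first reply message."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(frame_tcp(build_query(zone, qtype)))
            stream = sock.makefile("rb")
            prefix = stream.read(2)
            size = struct.unpack("!H", prefix)[0] if len(prefix) == 2 else 0
            return classify(stream.read(size), qtype)
    except OSError:
        return "FAIL: TCP port 53 unreachable or reset"

if __name__ == "__main__":
    # Constructed replies: header only, QR bit set, for a placeholder zone.
    refused = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
    answer = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    print(classify(refused, QTYPE_AXFR))
    print(classify(answer, QTYPE_SOA))
    print(classify(answer, QTYPE_AXFR))
```

Call `probe(server, zone, QTYPE_SOA)` and `probe(server, zone, QTYPE_AXFR)` from a host outside the transfer ACL; the healthy result is an answered SOA query and a denied transfer.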