Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
0
Helpful
2
Replies

DNS filtering

brymiller
Level 1
Level 1

‎07-28-2005 01:29 PM - edited ‎03-09-2019 11:59 AM

Often you will see DNS filtered as UDP on port 53 (domain), yet DNS can also be TCP (also port 53, keyword domain). Is anyone aware of DNS implementations that use TCP? If asked to filter DNS would you create two ACEs, one UDP, one TCP?

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎07-28-2005 05:44 PM

In general the TCP usage of DNS is for zone transfers. In general I would do a filter for UDP and be satisfied. Of course the best answer is to ask for clarification of exactly what they want and how restrictive they want to be.

HTH

Rick

HTH

Rick
0 Helpful

brymiller
Level 1
Level 1

‎08-15-2005 11:52 AM

Found this gem in the PIX doc...

http://tinyurl.com/a94fc

You should have two access-list command statement definitions to permit access to the following ports:

•DNS, Discard, Echo, Ident, NTP, RPC, SUNRPC, and Talk each require one definition for TCP and one for UDP.

•PPTP requires one definition for port 1723 on TCP and another for port 0 and GRE.

•TACACS+ requires one definition for port 65 on TCP and another for port 49 on UDP.

0 Helpful
Customers Also Viewed These Support Documents