TCP port 53
Patrick Schaaf
bof@bof.de
Wed, 16 Jan 2002 15:03:06 +0100
On Wed, Jan 16, 2002 at 11:25:26PM +1100, Taso Hatzi wrote:
>
> Is tcp port 53 normally trafficked
Yes. Whenever a single DNS response gets larger than about 500 bytes,
resolvers fall back to TCP instead of UDP. This happens very rarely,
because almost all DNS replies fit 500 bytes, but is nevertheless normal
protocol behaviour.
If you are worried about TCP port 53 being used for DNS zone transfers,
make suitable access lists in your DNS server software.
> and should the SYN flag be set on opening a connection?
The SYN flag is set on any proper TCP connection start, regardless
of application level protocol.
best regards
Patrick
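
Added example, not part of the original message: a Python sketch of the UDP-to-TCP fallback described above, showing why a firewall sees legitimate TCP port 53 traffic. The 512-byte UDP limit, the TC (truncated) header bit and the 2-byte TCP length prefix are from RFC 1035; the function names and the sample records are constructed for illustration.

```python
import struct

UDP_LIMIT = 512   # RFC 1035: largest DNS message carried over UDP without EDNS0
TC_FLAG = 0x0200  # "truncated" bit in the 16-bit header flags word

def build_query(qid, name):
    """Encode a one-question query (type A, class IN, recursion desired)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_response(query, n_answers):
    """Constructed sample answer: n A records from 192.0.2.0/24 (documentation range)."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, n_answers, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, i % 256])
                   for i in range(n_answers))
    return header + query[12:] + rrs

def udp_reply(query, full_response):
    """What the server puts on the wire over UDP."""
    if len(full_response) <= UDP_LIMIT:
        return full_response
    qid, flags = struct.unpack("!HH", full_response[:4])
    # Too large: send header + question only, with TC set and no records
    return struct.pack("!HHHHHH", qid, flags | TC_FLAG, 1, 0, 0, 0) + query[12:]

def is_truncated(msg):
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("incomplete TCP DNS message")
    return stream[2:2 + length]

def resolve(query, full_response):
    """Resolver side: try UDP first, retry over TCP only if TC is set."""
    reply = udp_reply(query, full_response)
    if not is_truncated(reply):
        return "udp", reply
    return "tcp", tcp_unframe(tcp_frame(full_response))
```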