On 30/09/2020 10:08, Peter N. M. Hansteen via mailop wrote:
Back in the day I suppose you could get a sort of working setup with
UDP-only DNS, but this has me wondering, is there a quasi-rational
historical reason for blocking 53/TCP? As in, was there at some point in
time a 'ping of death'-like incident which I have either missed entirely
or forgotten about? If there is, I look forward to some campfire time.
I don't recall a general problem with port 53 on DNS.
Blocking TCP is a way to block zone transfers, but a rubbish one.
Roll back 20 years. I've done work for many organizations where opening
1 port on a firewall required loads of sign offs. And met other
organizations where somebody is obsessed with minimizing the number of
open ports, but not really caring which ports.
I'd suggest they probably just have a default deny policy and didn't
know what they were doing. Or opening another port was just too much admin.
Tim
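To make the two points above concrete (UDP-only DNS breaks on truncated answers, and transport is the wrong place to control zone transfers), here is an added illustration that is not from Tim's or Peter's message. It parses a DNS header and question from two constructed sample messages: a UDP response with the TC bit set, which a resolver can only complete by retrying on 53/TCP, and an AXFR request, which is identified by its query type rather than by the transport it arrives on.

```python
import struct

# Constructed sample messages (hand-built for this example, not captured traffic).
# A UDP response for "example.com. A" with QR=1 and TC=1: the answer did not fit in
# the UDP payload, so the client must repeat the query over 53/TCP to get it.
TRUNCATED_RESPONSE = (
    b"\x12\x34"                          # ID
    b"\x83\x00"                          # flags: QR=1 opcode=0 AA=0 TC=1 RD=1, RA=0 rcode=0
    b"\x00\x01\x00\x00\x00\x00\x00\x00"  # QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    b"\x07example\x03com\x00"            # QNAME example.com.
    b"\x00\x01\x00\x01"                  # QTYPE=A, QCLASS=IN
)
# An AXFR request (QTYPE 252) for "example.com."; zone transfers run over TCP.
AXFR_QUERY = (
    b"\xab\xcd\x00\x00"                  # ID, flags: plain query
    b"\x00\x01\x00\x00\x00\x00\x00\x00"  # QDCOUNT=1
    b"\x07example\x03com\x00"
    b"\x00\xfc\x00\x01"                  # QTYPE=AXFR, QCLASS=IN
)

QTYPE_AXFR = 252

def parse_dns(msg):
    """Parse the 12-byte header and the first question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:                          # walk the label sequence of QNAME
        n = msg[off]; off += 1
        if n == 0:
            break
        if n & 0xC0:                     # compression pointers never appear in a question name
            raise ValueError("compression pointer in question name")
        labels.append(msg[off:off + n].decode("ascii")); off += n
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": ident, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qname": ".".join(labels) + ".",
            "qtype": qtype, "qclass": qclass}

def needs_tcp_retry(msg):
    """A truncated UDP response is only usable if the client can retry on 53/TCP."""
    m = parse_dns(msg)
    return m["qr"] and m["tc"]

def is_zone_transfer(msg):
    """Zone transfers are identified by query type; restrict them with an ACL, not by port."""
    return parse_dns(msg)["qtype"] == QTYPE_AXFR
```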
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop