Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: General --> Category: infos

DNS Server on UDP and TCP Vulnerability Scan

Vulnerability Scan Summary
Checks if the remote DNS servers answers on TCP too

Detailed Explanation for this Vulnerability Test

A DNS server is running on this port but it only
answers to UDP requests.
This means that TCP requests are blocked by a firewall.

This configuration is not RFC-compliant. Contrary to
common belief, TCP transport is not restricted to zone
transfers (AXFR) :
- answers bigger than 512 bytes are always transmitted
over TCP.
- for all other requests, UDP is only 'preferred' for
performance reasons. i.e. RFC1035 (STD0013) does not forbid
a DNS client from issuing its queries directly over TCP.

** If you are sure that your DNS server will never return
** answers bigger than 512 bytes and that the client
** software prefers UDP (which is nearly certain), you may
** disregard this message.

Read RFC1035 (STD0013) for more information.

Threat Level: None

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.