Family: General --> Category: infos
DNS Server on UDP and TCP Vulnerability Scan
Vulnerability Scan Summary
Checks whether the remote DNS server also answers over TCP
Detailed Explanation for this Vulnerability Test
A DNS server is running on this port, but it only
answers UDP requests.
This means that TCP requests are blocked by a firewall.
This configuration is not RFC-compliant. Contrary to
common belief, TCP transport is not restricted to zone
transfers (AXFR):
- answers bigger than 512 bytes are always transmitted
- for all other requests, UDP is only 'preferred' for
performance reasons, i.e. RFC1035 (STD0013) does not forbid
a DNS client from issuing its queries directly over TCP.
** If you are sure that your DNS server will never return
** answers bigger than 512 bytes and that the client
** software prefers UDP (which is nearly certain), you may
** disregard this message.
Read RFC1035 (STD0013) for more information.
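The check described above can be reproduced by hand. The following is an added example, not the scanner's own code: it sends the same query over UDP and over TCP and reports whether the server is UDP-only. The function names are this example's own, and it assumes an IPv4 server address passed on the command line.

```python
import socket
import struct
import sys

def build_query(name, qtype=1, txid=0x1234):
    """Minimal RFC 1035 query: RD set, one question, class IN."""
    labels = [l.encode("ascii") for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(msg):
    """Over TCP every DNS message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def is_truncated(reply):
    """TC bit (0x0200): the answer did not fit and must be re-asked over TCP."""
    return bool(struct.unpack("!H", reply[2:4])[0] & 0x0200)

def ask_udp(server, query, port=53, timeout=3.0):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            reply = s.recvfrom(4096)[0]
    except OSError:
        return None
    # Accept only a reply that carries a full header and our transaction id.
    return reply if len(reply) >= 12 and reply[:2] == query[:2] else None

def ask_tcp(server, query, port=53, timeout=3.0):
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(frame_tcp(query))
            stream = s.makefile("rb")
            (length,) = struct.unpack("!H", stream.read(2))
            reply = stream.read(length)
    except (OSError, struct.error):  # refused, filtered (timeout) or short read
        return None
    return reply if len(reply) >= 12 and reply[:2] == query[:2] else None

def classify(udp_reply, tcp_reply):
    if udp_reply is None:
        return "no DNS answer over UDP"
    if tcp_reply is not None:
        return "answers over UDP and TCP"
    if is_truncated(udp_reply):
        return "UDP only, and this answer is truncated: the client cannot complete it"
    return "UDP only: the condition this test reports"

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script SERVER NAME
    q = build_query(sys.argv[2])
    print(classify(ask_udp(sys.argv[1], q), ask_tcp(sys.argv[1], q)))
```

A truncated UDP reply combined with no TCP answer is the case where the note below does not apply: the client is told to retry over TCP and cannot.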
Threat Level: None