DNS migration and folks that don't play nice
Bruce Dawson
jbd at codemeta.com
Mon Apr 10 12:46:01 EDT 2006
Kevin D. Clark wrote:
> Bruce Dawson writes:
>
>>Add to this the fact that most BIND servers operate using UDP instead of
>>TCP, and it's easy to understand how BIND servers could become
>>corrupt.
>
> How does the fact that a BIND server uses TCP instead of UDP make it
> more or less secure?
It's more a reliability than a security issue. UDP is more susceptible to
DOS attacks than TCP. It's also easier to spoof (largely because it's
simpler than TCP). Keep in mind that TCP has packet counts, checksums,
... UDP has none of that.
--Bruce