Hi,

there's quite a lot to read about open UDP and TCP ports for DNS queries. I read an article from a tech guru from Microsoft as follows :-)

http://certcities.com/editorial/columns/story.asp?EditorialsID=144&page=2

As I understand RFC 1035, answering packets over TCP are truncated at a limit of 512 bytes, but it could be more ...

Isn't it, comparing this document, the best way while using UDP to DROP TCP packets over port 53 and to allow only UDP port 53, as it does not use the IP protocol?

OK, I know there could be a problem inside a web server farm where you need to allow both protocols, and he is referring to this, but generally I would prefer to avoid TCP over port 53 in order to avoid a man-in-the-middle attack.

--
Best Regards, Mark.

"Hello, I am brand new to meditation, and I have a frustrating habit of falling asleep in class. I don't know how to stop this. When my teacher tells us to relax our bodies and focus on breathing, my body relaxes, but so does my brain."
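An added example, not part of the original post: RFC 1035 limits DNS messages carried over UDP to 512 bytes (section 4.2.1) and marks a cut-off answer with the TC bit, while TCP carries the whole message behind a two-byte length prefix (section 4.2.2). The sketch below parses the header of a UDP response and reports what a resolver can do when TCP port 53 is or is not allowed; the function names and both sample messages are constructed for illustration.

```python
import struct

UDP_LIMIT = 512  # RFC 1035 4.2.1: maximum DNS message size over UDP

# Constructed question section: example.com, type A, class IN
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
# Constructed responses: flags 0x8380 = QR|TC|RD|RA, flags 0x8180 = QR|RD|RA
TRUNCATED = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
COMPLETE = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "tc": bool(flags & 0x0200),   # 1 = message was truncated
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def needs_tcp_retry(udp_response: bytes) -> bool:
    """A response with TC set is incomplete; the full answer needs TCP."""
    header = parse_header(udp_response)
    return header["qr"] and header["tc"]


def frame_for_tcp(msg: bytes) -> bytes:
    """RFC 1035 4.2.2: over TCP the message follows a two-byte length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for the TCP length prefix")
    return struct.pack("!H", len(msg)) + msg


def resolution_outcome(udp_response: bytes, tcp53_allowed: bool) -> str:
    """What happens to one lookup under a given firewall policy."""
    if not needs_tcp_retry(udp_response):
        return "answered-over-udp"
    return "retry-over-tcp" if tcp53_allowed else "fails-truncated"


if __name__ == "__main__":
    for name, msg in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        for allowed in (True, False):
            print(name, "tcp53_allowed=%s" % allowed,
                  resolution_outcome(msg, allowed))
```

Counting dropped TCP/53 packets next to UDP responses with TC set shows how many lookups a UDP-only rule would leave unanswered.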