This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote DNS server is not RFC1035 compliant.
A DNS server is running on this port but it only answers to UDP
requests. This means that TCP requests are blocked by a firewall.
This configuration is not RFC-compliant. Contrary to common belief,
TCP transport is not restricted to zone transfers (AXFR) :
- answers bigger than 512 bytes are always transmitted
- for all other requests, UDP is only 'preferred' for
performance reasons. i.e. RFC1035 (STD0013) does not
forbid a DNS client from issuing its queries directly
See also :
If you are sure that the DNS server will never return answers bigger
than 512 bytes and that the client software prefers UDP (which is
nearly certain), you may ignore this message.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now