I recently repeated the DNS over TCP survey given to the REN-ISAC community with the FIRST community. FIRST membership is largely made up of incident response teams from around the globe. All types of industry sectors are represented within FIRST such as national CSIRTs, banks, governments, and software vendors. I thought it might be interesting to repeat the survey with a security community where there may be some, but relatively little overlap in membership. I expected FIRST survey respondents to express a greater desire to block or restrict DNS over TCP traffic than their REN-ISAC counterparts. The evidence failed to support that belief.

In April of this year I conducted an informal two-question survey aimed at the general membership population of the REN-ISAC community. The intent was to gather personal positions and associated member institution stances on DNS over TCP (i.e. should it be filtered, restricted, or unfettered). I was interested in gathering Internet community perceptions after a recently submitted Internet-Draft on DNS Transport over TCP was adopted by the IETF dnsop working group. REN-ISAC participants are generally well regarded, having both a breadth of knowledge and above average technical expertise. I had hoped the results would demonstrate the “best case” representation of any organized security community. By best case, I mean those who realize the pitfalls of filtering or restricting DNS over TCP traffic, and who would generally accept that it ought to be allowed unfettered.