Log file:
Dual Server Version 5.2Beta Windows Build 5.200
[11-Nov-07 14:38:18] Starting DNS Service
[11-Nov-07 14:38:18] Forwarding DNS Server: 193.162.153.164
[11-Nov-07 14:38:18] DNS Service Permitted Hosts: 1.0.0.1-255.255.255.254
[11-Nov-07 14:38:18] Host Expiry: 360000 (sec)
[11-Nov-07 14:38:18] Server Name: VMWare-XP-Test
[11-Nov-07 14:38:18] Authority for Zone: WIT (1.168.192.in-addr.arpa)
[11-Nov-07 14:38:18] Listening On: 192.168.1.34
[11-Nov-07 14:38:18] Logging: All
[11-Nov-07 14:38:44] TCP Client 192.168.1.60, DNS TCP Query, Access Denied
The client is a scanner with IP 192.168.1.60.
Why is it denied access?
DNS TCP queries are normally done server to server for zone transfer etc. Why does the scanner have to make a TCP query? However, you can add the IP of the client in section [ZONE-REPLICATION], permitting the TCP DNS queries.