Security Basics mailing list archives
RE: domain ACL?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 29 Jul 2003 08:43:05 -0700
Most DNS servers probably respond on the same port as was the origin of the query they're responding to. Some clients (and a DNS server that forwards or recurses a request is also a client) issue requests FROM port 53 as well as to.

UDP to port 53 should be accepted from any port. DNS responses may be directed to any port, but should be coming from port 53.

David Gillett
-----Original Message-----
From: Glenn English [mailto:ghe () slsware com]
Sent: July 28, 2003 18:38
To: security-basics () securityfocus com
Subject: domain ACL?

My understanding is that UDP connects to port 53 should be allowed only from ports > 1023. When I set that, I get *many* deny's coming from port 53 UDP to port 53. Is there a legit reason for that connection? My new firewall is scribbling all over my log :-)

--
Glenn English
ghe () slsware com
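A small audit script, added here as an illustration and not part of either poster's message, that applies the thread's two ACL positions to a few constructed firewall deny lines (the log format and addresses are made up): it counts the kinds of DNS traffic by port pair and lists the lines Glenn's "source port > 1023 only" rule denies but David's "accept UDP to 53 from any source port" rule would pass.

```python
import re
from collections import Counter

# Constructed firewall deny lines modelled on the log described in the thread (not real data).
SAMPLE_LOG = """\
Jul 28 18:02:11 fw deny udp 192.0.2.10(53) -> 198.51.100.7(53)
Jul 28 18:02:12 fw deny udp 192.0.2.10(34567) -> 198.51.100.7(53)
Jul 28 18:02:13 fw deny udp 198.51.100.7(53) -> 192.0.2.10(34567)
Jul 28 18:02:14 fw deny udp 203.0.113.9(53) -> 198.51.100.7(53)
Jul 28 18:02:15 fw deny udp 203.0.113.9(4444) -> 198.51.100.7(80)
"""

# Hypothetical log layout: "udp SRC(SPORT) -> DST(DPORT)".
LINE_RE = re.compile(
    r"udp (?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def classify(sport: int, dport: int) -> str:
    """Name the kind of DNS traffic a UDP packet represents, judged by its ports."""
    if dport == 53 and sport == 53:
        return "query from port 53 (forwarding/recursive server)"
    if dport == 53 and sport > 1023:
        return "query from ephemeral port (ordinary client)"
    if dport == 53:
        return "query from other low port (unusual, review)"
    if sport == 53:
        return "response (from 53 to the querier's port)"
    return "not DNS"


def old_rule_allows(sport: int, dport: int) -> bool:
    """Glenn's original ACL: queries to 53 only from source ports above 1023."""
    return dport == 53 and sport > 1023


def new_rule_allows(sport: int, dport: int) -> bool:
    """David's advice: accept UDP to port 53 from any source port."""
    return dport == 53


def audit(log_text: str):
    """Return (counts per traffic class, lines the old ACL denied but the new one passes)."""
    counts = Counter()
    wrongly_denied = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        counts[classify(sport, dport)] += 1
        if new_rule_allows(sport, dport) and not old_rule_allows(sport, dport):
            wrongly_denied.append(line)
    return counts, wrongly_denied
```

The two lines it lists are the port-53-to-port-53 queries from other servers, which is exactly the traffic filling Glenn's log; responses in the other direction are left to the firewall's state tracking and are not covered by either rule.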