Security Basics mailing list archives
RE: Securing DNS Server
From: "Daniel Miessler" <danielrm26 () hotmail com>
Date: Mon, 4 Nov 2002 23:25:51 -0500
> But it turned out that when our DNS Server has to query a root name server, it sends out a UDP query with a random higher (>1023) source port number, which means that I will have to open >1023 Ports access to this server from outside.
You don't have to open ports on your firewall that correspond with the source port number of your outgoing traffic. You can make any DNS queries without opening ports; you only need to open ports to OFFER service, not to request it. And even then, it is only going to be UDP (and possibly TCP) port 53.

--Daniel
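An added example, not part of the original message: a minimal Python model of the filtering behaviour the reply relies on, assuming the firewall is stateful and remembers outbound UDP flows. The class name, addresses and ports are constructed for illustration, and the model covers UDP only with no state timeouts.

```python
# Added example: minimal model of stateful UDP filtering for a DNS server.
# The class name, addresses and ports below are constructed for illustration.
from typing import NamedTuple, Set

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Perimeter filter protecting one DNS server (UDP only, no timeouts)."""

    def __init__(self, server_ip: str, service_port: int = 53):
        self.server_ip = server_ip
        self.service_port = service_port
        self.flows: Set[Packet] = set()  # outbound flows seen so far

    def outbound(self, pkt: Packet) -> bool:
        """Server -> Internet: always allowed, and the flow is remembered."""
        self.flows.add(pkt)
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Internet -> server: allow the offered service or tracked replies."""
        if pkt.dst_ip != self.server_ip:
            return False
        # Rule 1: the only opened port, because the server OFFERS DNS on it.
        if pkt.dst_port == self.service_port:
            return True
        # Rule 2: a reply is the exact mirror of a recorded outbound packet.
        mirror = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return mirror in self.flows

def demo() -> dict:
    fw = StatefulFilter("192.0.2.10")              # constructed server address
    root = "198.51.100.4"                          # constructed stand-in for a root server
    fw.outbound(Packet("192.0.2.10", 40321, root, 53))  # random source port > 1023
    return {
        "reply_to_query": fw.inbound(Packet(root, 53, "192.0.2.10", 40321)),
        "unsolicited_high_port": fw.inbound(Packet(root, 53, "192.0.2.10", 40322)),
        "other_source_same_port": fw.inbound(Packet("203.0.113.9", 53, "192.0.2.10", 40321)),
        "client_query_to_53": fw.inbound(Packet("203.0.113.9", 5555, "192.0.2.10", 53)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ACCEPT' if allowed else 'DROP'}")
```

The reply to the server's own query is accepted with no high port opened, while traffic to any other high port, or from any other source to the same port, is dropped.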