Security Basics mailing list archives

Securing DNS Server


From: "Naman Latif" <naman.latif () inamed com>
Date: Fri, 1 Nov 2002 16:31:14 -0800

Hi,
I am trying to restrict access to our DNS server from outside using a
Cisco IOS Firewall. Initially we only had port 53 access to this server
from outside.
But it turned out that when our DNS server has to query a root name
server, it sends out a UDP query with a random higher (>1023) source
port number, which means that I will have to open >1023 port access to
this server from outside.
In this situation, how do I protect my DNS server from outside attacks
on higher port numbers?
Is there a range of source port numbers that a BIND DNS server would
use when querying outside servers?


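The static inbound ACL plus stateful (CBAC) inspection pattern that answers the question above, written out as an added example rather than text from the original post; the DNS server address 192.0.2.53, the outside interface Serial0, ACL number 101 and the inspection rule name DNS-OUT are assumptions:

```cisco
! Added example, not from the original post. Assumed values: DNS server
! 192.0.2.53, outside interface Serial0, ACL 101, inspection rule DNS-OUT.
!
! Inbound ACL on the outside interface: only port 53 is reachable from
! the Internet. Nothing in the >1023 range is opened statically.
access-list 101 permit udp any host 192.0.2.53 eq 53
access-list 101 permit tcp any host 192.0.2.53 eq 53
access-list 101 deny ip any any log
!
! CBAC inspection of UDP sessions leaving the outside interface. When BIND
! sends a query from a random high source port to a root server, the router
! records that session and inserts a temporary inbound entry for the
! matching reply only (same address pair and port pair); it expires on its
! own once the session goes idle.
ip inspect name DNS-OUT udp
ip inspect udp idle-time 30
!
interface Serial0
 description Outside
 ip access-group 101 in
 ip inspect DNS-OUT out
```

Pinning the server's source port in named.conf (`query-source address * port 53;`) would also satisfy a static ACL, but it gives up source-port randomization, which is one of the resolver's defences against spoofed replies; the stateful opening above keeps the random port and still leaves only port 53 reachable from outside.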