Security Basics mailing list archives

RE: domain ACL?


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 29 Jul 2003 08:43:05 -0700

  Most DNS servers probably respond on the same port as was the 
origin of the query they're responding to.  Some clients (and a
DNS server that forwards or recurses a request is also a client)
issue requests FROM port 53 as well as to.
  UDP to port 53 should be accepted from any port.  DNS responses
may be directed to any port, but should be coming from port 53.

David Gillett


-----Original Message-----
From: Glenn English [mailto:ghe () slsware com]
Sent: July 28, 2003 18:38
To: security-basics () securityfocus com
Subject: domain ACL?


My understanding is that UDP connections to port 53 should be allowed only
from ports > 1023. When I set that, I get *many* denies coming from port
53 UDP to port 53.

Is there a legit reason for that connection? My new firewall is
scribbling all over my log :-)

-- 
Glenn English
ghe () slsware com
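
Added example, not part of either message above: a small classifier that applies the two ACL interpretations from this thread (Glenn's "only source ports > 1023" rule and David's "accept UDP to port 53 from any source port; expect replies from port 53") to a handful of constructed packet records, and reports which DNS queries the stricter rule would wrongly drop. The log format, addresses and function names are assumptions made for this example; they are not from any real firewall. Note also that a stateless "source port 53 is a reply" rule cannot tell a real reply from an attacker who simply picks source port 53, which the last sample record illustrates.

```python
"""Classify UDP/53 traffic under the two firewall policies discussed in the thread.

Example code written for this archive page; the packet-log format below is
constructed for the example and is not a real firewall's log format.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Constructed sample records: "<proto> <src>:<sport> -> <dst>:<dport>".
# 198.51.100.5 plays the local DNS server; the others are remote hosts.
SAMPLE_LOG = """\
udp 192.0.2.10:53 -> 198.51.100.5:53
udp 192.0.2.20:40321 -> 198.51.100.5:53
udp 198.51.100.5:53 -> 192.0.2.30:33211
udp 192.0.2.40:1024 -> 198.51.100.5:53
tcp 192.0.2.50:53 -> 198.51.100.5:53
udp 192.0.2.60:53 -> 198.51.100.5:22
"""

LINE_RE = re.compile(r"^(\w+)\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)$")


def parse_log(text):
    """Parse the constructed log format into Flow records; skips lines that do not match."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, src, sport, dst, dport = m.groups()
        flows.append(Flow(proto, src, int(sport), dst, int(dport)))
    return flows


def strict_policy_allows(f):
    """Glenn's original ACL: UDP to port 53 only from source ports above 1023."""
    return f.proto == "udp" and f.dport == 53 and f.sport > 1023


def classify(f):
    """Label a flow according to the rules David describes.

    query          - UDP to port 53 from a high port (a stub resolver)
    query-from-53  - UDP to port 53 from port 53 (a forwarding/recursing server)
    reply-shaped   - UDP from port 53 to some other port; looks like a reply,
                     but a stateless rule cannot verify that a query preceded it
    """
    if f.proto != "udp":
        return "non-udp"
    if f.dport == 53:
        return "query-from-53" if f.sport == 53 else "query"
    if f.sport == 53:
        return "reply-shaped"
    return "other"


def wrongly_denied(flows):
    """Legitimate DNS queries that the '> 1023 only' ACL would drop."""
    return [
        f for f in flows
        if classify(f) in ("query", "query-from-53") and not strict_policy_allows(f)
    ]


if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}: {classify(f)}")
    print("dropped by the strict ACL:", [f.src for f in wrongly_denied(parse_log(SAMPLE_LOG))])
```

On a stateful firewall the cleaner fix is to accept new UDP traffic to the server's port 53 from any source port and let connection tracking pass the replies (on iptables, a rule matching `--dport 53` plus one matching `-m conntrack --ctstate ESTABLISHED`), rather than a standing rule that trusts any packet with source port 53. Resolvers written since the 2008 cache-poisoning work (RFC 5452) randomize their query source port, so the 53-to-53 pattern is rare today, but the advice to accept queries to port 53 from any source port still holds.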

