Security Basics mailing list archives

Re: domain ACL?


From: Peter Bruderer <brudy () bruderer-research com>
Date: Tue, 29 Jul 2003 18:01:27 +0200


According to RFC 1035(?), the source port of a DNS query is 53 or >1023. Newer 
DNS servers use a source port >1023 by default, but connections from port 53 
are absolutely legal.

On Tuesday 29 July 2003 03:38, Glenn English wrote:
My understanding is that UDP connections to port 53 should be allowed only
from ports > 1023. When I set that, I get *many* denies coming from port
53 UDP to port 53.

Is there a legit reason for that connection? My new firewall is
scribbling all over my log :-)

-- 
  Peter Bruderer                 mailto:brudy () bruderer-research com
  Bruderer Research GmbH                      Tel ++41 52 620 26 53
  IT Security Services                        Fax ++41 52 620 26 54
  CH-8200 Schaffhausen             http://www.bruderer-research.com
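The two firewall rules discussed above (Glenn's "source port > 1023 only" and Peter's "source port 53 or > 1023"), modelled in Python and run over a few constructed deny records so you can see which log noise the relaxed rule would absorb. This is an added example, not code from either poster; the log format, addresses and ports are made up for illustration.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed log lines in a generic "DENY proto src:port -> dst:port" layout.
# They are not real firewall output, only the shape of what the thread describes.
SAMPLE_DENIES = """\
DENY udp 192.0.2.10:53 -> 198.51.100.5:53
DENY udp 192.0.2.11:53 -> 198.51.100.5:53
DENY udp 192.0.2.12:1025 -> 198.51.100.5:53
DENY udp 192.0.2.13:512 -> 198.51.100.5:53
DENY udp 192.0.2.14:1023 -> 198.51.100.5:53
"""


@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int


def parse_log(text: str) -> list[Packet]:
    """Parse the constructed DENY lines into Packet tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _action, proto, src, _arrow, dst = line.split()
        packets.append(Packet(proto,
                              int(src.rsplit(":", 1)[1]),
                              int(dst.rsplit(":", 1)[1])))
    return packets


def strict_allows(pkt: Packet) -> bool:
    """The rule as Glenn set it: UDP to port 53 only from source ports above 1023."""
    return pkt.proto == "udp" and pkt.dst_port == 53 and pkt.src_port > 1023


def relaxed_allows(pkt: Packet) -> bool:
    """Peter's reading: a source port of 53 or above 1023 is legitimate."""
    return (pkt.proto == "udp" and pkt.dst_port == 53
            and (pkt.src_port == 53 or pkt.src_port > 1023))


def source_port_class(port: int) -> str:
    """Bucket a source port the way the thread talks about it."""
    if port == 53:
        return "port 53"
    if port > 1023:
        return "high (>1023)"
    return "low (<1024, not 53)"


def denied_by(policy, packets: list[Packet]) -> list[Packet]:
    """Packets a given allow-policy would reject (default deny)."""
    return [p for p in packets if not policy(p)]


def explained_by_relaxing(packets: list[Packet]) -> Counter:
    """Denies the strict rule produces that the relaxed rule would accept,
    counted by source-port class. This is exactly the log noise Glenn saw."""
    return Counter(source_port_class(p.src_port)
                   for p in packets
                   if not strict_allows(p) and relaxed_allows(p))


if __name__ == "__main__":
    pkts = parse_log(SAMPLE_DENIES)
    print("strict rule denies :", len(denied_by(strict_allows, pkts)))
    print("relaxed rule denies:", len(denied_by(relaxed_allows, pkts)))
    print("noise explained by source port 53:", dict(explained_by_relaxing(pkts)))
```

Whichever rule you settle on, the difference between the two deny sets is the traffic that was filling the log; anything still denied under the relaxed rule (source ports below 1024 other than 53) is worth a closer look rather than a wider rule.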

