telnet to port 53
Kevin Darcy
kcd at daimlerchrysler.com
Tue Dec 14 19:32:48 UTC 1999
Donal Diamond wrote:
> > > > >> Should I be able to telnet to port 53? If not, how can I disable it?
> > > > >>
> > > > >> Thanks
>
> Hi - I have a similar query. I am quite new to BIND and this newsgroup (less than 24hrs!) so please forgive me if this has already
> been answered.
> I am using BIND 8.2.2 patchlevel 5 as a caching only server on FreeBSD 3.3-STABLE.
> In the interests of security and to ensure there are no zone transfer attempts etc. I want to disable named running on TCP port
> 53. I only want UDP 53 open.
> As I have been told a golden rule in securing a box is to get rid of services that are not needed.
> I would prefer to be able to disable TCP port 53 using some startup option on BIND rather than filtering it out using a firewall.
>
> Is this possible?
You wouldn't want to do that, because there are "normal" (non-zone-transfer) situations where a client needs to do a query via TCP,
e.g. because the answer to the query doesn't fit in a UDP packet.
DNS running on TCP/53 is effectively the same service as DNS on UDP/53, so I doubt that the golden rule applies. If you want to
lock down zone transfers, use allow-transfer.
- Kevin
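As an added illustration of the point Kevin makes (this is example code, not from his post or from BIND), the following Python builds a DNS query, mocks a server that must set the TC bit when the full answer would not fit in a 512-byte UDP payload, decides when the client has to retry over TCP/53, and shows the 2-byte length framing that TCP DNS uses. The mock server, sample names and addresses are constructed for the example.

```python
import struct

# DNS header (RFC 1035 section 4.1.1): ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")
TC_BIT = 0x0200   # TrunCation flag in FLAGS
UDP_MAX = 512     # classic DNS/UDP payload limit without EDNS (RFC 1035 section 2.3.4)

def build_query(qname, qid=0x1234, qtype=1):
    """Standard recursion-desired query; qtype 1 = A."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)   # QCLASS IN
    return HEADER.pack(qid, 0x0100, 1, 0, 0, 0) + question        # 0x0100 = RD

def parse_header(msg):
    qid, flags, _qd, an, _ns, _ar = HEADER.unpack_from(msg)
    return {"id": qid, "response": bool(flags & 0x8000),
            "truncated": bool(flags & TC_BIT), "answers": an}

def mock_udp_answer(query, addresses):
    """Constructed stand-in for a server: one A record per 4-byte address. When the
    full reply would not fit in UDP_MAX, the server returns header and question
    only with TC set, which is the case where the client needs TCP/53."""
    q = parse_header(query)
    question = query[HEADER.size:]
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ip   # name ptr -> offset 12
                   for ip in addresses)
    full = HEADER.pack(q["id"], 0x8180, 1, len(addresses), 0, 0) + question + rrs
    if len(full) <= UDP_MAX:
        return full
    return HEADER.pack(q["id"], 0x8180 | TC_BIT, 1, 0, 0, 0) + question

def needs_tcp_retry(query, response):
    """A matching, truncated UDP response must be re-asked over TCP/53."""
    q, r = parse_header(query), parse_header(response)
    return r["response"] and r["id"] == q["id"] and r["truncated"]

def frame_for_tcp(msg):
    """On TCP each DNS message carries a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def unframe_from_tcp(stream):
    """Split a TCP byte stream into complete messages; returns (messages, leftover)."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        n = struct.unpack_from("!H", stream, pos)[0]
        if pos + 2 + n > len(stream):
            break
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]
```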