Correct Ports?

Peter Billson pete at elbnet.com
Wed Jun 6 18:30:24 UTC 2001


> This setup seems reasonable to me - however, what reason do you have
> for _not_ allowing incoming DNS packets from privileged ports != 53?
 
> I have still failed to see what harm it could do if a DNS request came
> from e.g. the FTP port. After all, it's the destination port (service
> in IPv6) that matters, not the source port. That one is just there to
> help route incoming reply packets to the correct application.

Well, two purposes to my question:

1) Trying to make sure my firewall is as restrictive as possible without
breaking things.

2) With the firewall set as described I have been logging a number of
packets that would get rejected. While some seem to be real DNS requests
(i.e. 10-15 packets logged and tries on multiple name servers if the
first fails), a great many seem to be bogus requests (i.e. only one or
two packets and only to one server). Reverse lookups of the IPs often
do not resolve to anything, which makes me wonder if it isn't just people
probing away looking for a weakness.

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting
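The rule of thumb Pete describes for sorting the rejected packets (many packets with retries against several name servers suggests a genuine resolver; one or two packets to a single server suggests a probe) can be applied mechanically to a firewall log. The script below is an added example, not from the list thread; the log lines are constructed in a simplified, made-up format rather than any real firewall's output, and the thresholds are the 10-15 packet and two-server figures from the message.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, made-up firewall log format
# (not any real firewall's output). 198.51.100.7 retries against three
# name servers; 203.0.113.9 sends two packets to a single server.
SAMPLE_LOG = "\n".join(
    ["18:30:%02d DENY UDP 198.51.100.7:1021 -> 192.0.2.%d:53" % (i, 10 + i % 3)
     for i in range(12)]
    + ["18:31:10 DENY UDP 203.0.113.9:1021 -> 192.0.2.10:53",
       "18:31:15 DENY UDP 203.0.113.9:1021 -> 192.0.2.10:53"]
)

LINE_RE = re.compile(
    r"^\S+ DENY UDP (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):53$")


def parse(log_text):
    """Return (src_ip, src_port, dst_ip) for every rejected DNS packet,
    silently skipping lines that do not match the expected format."""
    packets = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            packets.append((m.group("src"), int(m.group("sport")), m.group("dst")))
    return packets


def classify(log_text, real_min_packets=10, real_min_servers=2):
    """Apply the heuristic from the message: a real resolver being refused
    keeps retrying and moves on to other name servers when the first fails;
    a probe sends one or two packets to one server and goes away."""
    stats = defaultdict(lambda: {"packets": 0, "servers": set()})
    for src, _sport, dst in parse(log_text):
        stats[src]["packets"] += 1
        stats[src]["servers"].add(dst)
    verdicts = {}
    for src, s in stats.items():
        if s["packets"] >= real_min_packets and len(s["servers"]) >= real_min_servers:
            verdicts[src] = "likely real resolver"
        elif s["packets"] <= 2 and len(s["servers"]) == 1:
            verdicts[src] = "probable probe"
        else:
            verdicts[src] = "ambiguous"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(src, verdict)
```

Sources classed as "likely real resolver" are the ones worth checking before tightening the source-port rule further, since they are the hosts the restriction would actually break.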

