Bind 8.3.1 on win2000 with port mapping

Eivind Olsen eivind.olsen at ttyl.com
Tue Feb 19 14:27:47 UTC 2002


--On 19 February 2002 06:22 -0800 Chris F <freaknetboy at yahoo.com> wrote:
> 53/tcp is only used for zone transfers.

No, it's not. It's also being used if, for example, the reply for a query 
becomes too large.

> Only open 53/tcp to those whom you trust to pull your
> zones.

No - if the nameserver is a public one (serving any domain) you should 
leave port 53 - both TCP and UDP - open. You might of course limit who can 
do zone transfers if you feel like it, but that should _not_ be done by 
just blocking port 53 TCP. It should be done by, for example, the 
allow-transfer statement in named.conf.

-- 
Talk To You Later
Eivind Olsen
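
The TCP fallback mentioned in the message above, as an added example that is not part of the original post: a resolver that receives a UDP reply with the truncation (TC) bit set repeats the same query on 53/tcp, so filtering that port breaks ordinary lookups and not just zone transfers. The function names and the sample messages are assumptions constructed for illustration.

```python
import struct

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal recursive query (qtype 1 = A record, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a two-byte length field."""
    return struct.pack("!H", len(msg)) + msg

def next_step(query, udp_reply):
    """Decide what a resolver does with a UDP reply to `query`."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["qr"] or r["id"] != q["id"]:
        return ("drop", None)                  # not a response to this query
    if r["tc"]:
        return ("retry-tcp", tcp_frame(query))  # reply did not fit in UDP
    return ("accept", None)

# Constructed sample messages (not captured traffic).
QUERY = build_query("example.com")
# Server could not fit the answer: QR + TC + RD set, answer section left empty.
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + QUERY[12:]
# Normal reply: one A record (192.0.2.1) using a compression pointer to the name.
COMPLETE = (struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
            + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for name, reply in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        action, payload = next_step(QUERY, reply)
        print(name, action, len(payload) if payload else 0)
```

If 53/tcp is filtered, the "retry-tcp" branch has nowhere to go and the lookup fails, while an allow-transfer restriction leaves it untouched.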




More information about the bind-users mailing list