[9.2.3] Resticting ports

Ketil Froyn isc_bind at ketil.froyn.name
Thu Nov 11 10:14:33 UTC 2004

On Thu, 2004-11-11 at 09:23, Helmut Schneider wrote:

> query-source address * port 53;

Don't do that. DNS forgery is much easier when you do that, and some
firewalls will probably block queries originating from port 53 as well.

For more information on DNS forgery, read this:


Ketil Froyn
ketil at froyn.name

More information about the bind-users mailing list