Do I need to allow UDP/500 packets (ISAKMP) to my BIND DNS servers for DNSSEC? I've been seeing a lot of UDP/500 attempts from the general internet to my public DNS servers, and can't figure out why. The Wikipedia page for DNSSEC doesn't mention anything about ISAKMP or VPN tunnels.

-- deny ip any any (4393649193 matches)