Question about connections to BIND and tcp 443
atkac at redhat.com
Wed Aug 22 15:31:51 UTC 2012
On Wed, Aug 22, 2012 at 08:38:18AM -0600, Moore, Mark A. wrote:
> Good afternoon. We are currently running BIND on our RHEL 5.x servers and see connection attempts from our internal clients to the BIND on tcp 443. They are currently being block from connecting to 443 since these servers are only DNS. Is there any reason for clients to connect to tcp 443 for any type of DNS resolution? Just want to confirm before I dig deeper into this issue.
> Thx in advance for any assistance provided.
If some of your clients use dnssec-trigger for DNSSEC setup (http://www.nlnetlabs.nl/projects/dnssec-trigger), it can probe your server for "DNS-over-SSL". Check dnssec-trigger overview, section "How does it work" for more details.
Note this doesn't mean you should allow connections to port 443.
Adam Tkac, Red Hat, Inc.
More information about the bind-users