Suspecious DNS traffic

babu dheen babudheen at
Mon Mar 25 16:21:30 UTC 2013

Hi Matus,

Still not convinced because if i need to allow >1024 port from  our DNS server to external world(internet).. where is the security?

I beleive we just need to allow TCP and UDP 53 from our DNS server to internet(any) which is already done. Not sure why we have to open non standard port from our DNS server to internet?

Kindly provide some details.


 From: Matus UHLAR - fantomas <uhlar at>
To: bind-users at 
Sent: Monday, 25 March 2013 3:30 PM
Subject: Re: Suspecious DNS traffic
On 25.03.13 16:59, babu dheen wrote:
>  I am able to query one of the PTR record available in my company BIND
> caching DNS server from internet(ANY IP address) successfully.  As per
> your statement, If I am denying the response, how could I get response
> successfully?

you must allow the packets from TCP+UDP port 53 coming to any >=1024 port on
your nameserver.

-- Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. _______________________________________________
Please visit to unsubscribe from this list

bind-users mailing list
bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list