Suspecious DNS traffic

Matus UHLAR - fantomas uhlar at fantomas.sk
Mon Mar 25 16:46:22 UTC 2013


On 26.03.13 00:21, babu dheen wrote:
>Hi Matus,

please, skip personal replies. this is mailing listand issued should be
discussed here.

>Still not convinced because if i need to allow >1024 port from  our DNS
> server to external world(internet)..  where is the security?

If you have statefull firewall, you simply need to allow "open" connections
(statefull firewalls can track outgoing UDP packets and match the replies).
If not, you have to allow all traffic from port 53 on remote DNS servers to
your DNS server. Since you can't know all DNS servers, you have to allow all
incoming traffic to your DNS server where source port is 53.

all the "security" is useless if blocks your service. Luckily, most of
firewalls can track the "connection" state.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.



More information about the bind-users mailing list