Suspicious DNS traffic

babu dheen babudheen at yahoo.co.in
Tue Mar 26 18:40:52 UTC 2013


Dear Matus,
 
I think you got my point. Yes. I am using a stateful firewall and I am not sure whether my DNS server is connecting to remote DNS on a non-standard port?
 
So where do I need to look now?
 
Regards
Papdheen M


________________________________
From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
To: bind-users at lists.isc.org 
Sent: Monday, 25 March 2013 7:46 PM
Subject: Re: Suspicious DNS traffic

On 26.03.13 00:21, babu dheen wrote:
>Hi Matus,

Please skip personal replies. This is a mailing list and issues should be
discussed here.

>Still not convinced, because if I need to allow ports >1024 from our DNS
> server to the external world (internet)... where is the security?

If you have a stateful firewall, you simply need to allow "open" connections
(stateful firewalls can track outgoing UDP packets and match the replies).
If not, you have to allow all traffic from port 53 on remote DNS servers to
your DNS server. Since you can't know all DNS servers, you have to allow all
incoming traffic to your DNS server where the source port is 53.

All the "security" is useless if it blocks your service. Luckily, most
firewalls can track the "connection" state.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning (Slovak original): I do not wish to receive any advertising mail at this address.
Emacs is a complicated operating system without good text editor.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
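To make Matus's comparison concrete, here is an added toy model of the two firewall policies he describes: a stateless rule that has to admit every inbound packet whose source port is 53, and a stateful one that records each outgoing UDP query and admits only the reply that matches it in reverse. This is example code written for this page, not code from the thread, from BIND or from any firewall product; the resolver, authoritative and attacker addresses, the ephemeral port and the 30 s unreplied-UDP timeout are assumptions chosen for the demonstration.

```python
"""Toy model of a stateless vs. a stateful firewall in front of a recursive resolver.

Added example for this page (not from the thread or from BIND).  The resolver
sends queries from an ephemeral port >1024 to remote port 53; the question is
what the firewall must let back in.  Addresses, ports and the timeout are
assumptions.
"""
import time
from dataclasses import dataclass

DNS_PORT = 53
UDP_TIMEOUT = 30.0  # assumed conntrack timeout for an unreplied UDP "connection"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = resolver -> internet, "in" = internet -> resolver


class StatelessFirewall:
    """Stateless rule: anything inbound to the resolver with source port 53 passes."""

    def __init__(self, resolver_ip):
        self.resolver_ip = resolver_ip

    def accept(self, pkt, now=None):
        if pkt.direction == "out":
            return pkt.src == self.resolver_ip and pkt.dport == DNS_PORT
        return pkt.dst == self.resolver_ip and pkt.sport == DNS_PORT


class StatefulFirewall:
    """Stateful rule: record each outgoing query's 4-tuple, admit only reversed matches."""

    def __init__(self, resolver_ip, timeout=UDP_TIMEOUT):
        self.resolver_ip = resolver_ip
        self.timeout = timeout
        self.table = {}  # (src, sport, dst, dport) of the query -> expiry time

    def _expire(self, now):
        self.table = {k: t for k, t in self.table.items() if t > now}

    def accept(self, pkt, now=None):
        now = time.monotonic() if now is None else now
        self._expire(now)
        if pkt.direction == "out":
            if pkt.src != self.resolver_ip or pkt.dport != DNS_PORT:
                return False
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now + self.timeout
            return True
        # An inbound packet passes only if it is the exact reverse of a tracked query.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.table


def demo(now=1000.0):
    """Run the same constructed traffic through both policies; returns accept/drop results."""
    resolver = "192.0.2.53"      # assumed resolver address
    auth = "198.51.100.10"       # assumed remote authoritative server
    attacker = "203.0.113.7"     # assumed unrelated host sending from port 53
    query = Packet(resolver, 40123, auth, DNS_PORT, "out")
    reply = Packet(auth, DNS_PORT, resolver, 40123, "in")
    unsolicited = Packet(attacker, DNS_PORT, resolver, 40123, "in")  # sport 53, never queried
    wrong_port = Packet(auth, DNS_PORT, resolver, 40124, "in")       # right server, wrong port
    results = {}
    for name, fw in (("stateless", StatelessFirewall(resolver)),
                     ("stateful", StatefulFirewall(resolver))):
        fw.accept(query, now)
        results[name] = {
            "reply": fw.accept(reply, now + 0.05),
            "unsolicited_from_port_53": fw.accept(unsolicited, now + 0.05),
            "wrong_port": fw.accept(wrong_port, now + 0.05),
            "late_reply": fw.accept(reply, now + UDP_TIMEOUT + 1),
        }
    return results


if __name__ == "__main__":
    for policy, outcome in demo().items():
        print(policy, outcome)
```

The stateless policy accepts all four inbound packets, because "source port 53" is the only thing it can check; the stateful policy accepts only the genuine reply and drops the unsolicited packet, the reply to a port that was never used, and a reply that arrives after the tracked entry has timed out. Note the limit of what the firewall layer buys you: a forged reply that does match the tracked 4-tuple still passes, and it is the resolver's source-port randomization and transaction ID, not the firewall, that make such a forgery hard to land.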

