Suspecious DNS traffic

babu dheen babudheen at
Tue Mar 26 18:40:52 UTC 2013

Dear Matus,
I think you got my point. Yes. I am using Stateful Firewall and not sure my DNS server connecting to remote DNS  on non standard port?
So where i need to now look?
Papdheen M

From: Matus UHLAR - fantomas <uhlar at>
To: bind-users at 
Sent: Monday, 25 March 2013 7:46 PM
Subject: Re: Suspecious DNS traffic

On 26.03.13 00:21, babu dheen wrote:
>Hi Matus,

please, skip personal replies. this is mailing listand issued should be
discussed here.

>Still not convinced because if i need to allow >1024 port from  our DNS
> server to external world(internet)..  where is the security?

If you have statefull firewall, you simply need to allow "open" connections
(statefull firewalls can track outgoing UDP packets and match the replies).
If not, you have to allow all traffic from port 53 on remote DNS servers to
your DNS server. Since you can't know all DNS servers, you have to allow all
incoming traffic to your DNS server where source port is 53.

all the "security" is useless if blocks your service. Luckily, most of
firewalls can track the "connection" state.
Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
Please visit to unsubscribe from this list

bind-users mailing list
bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list