On Wed, Aug 22, 2012 at 08:38:18AM -0600, Moore, Mark A. wrote:
> Good afternoon. We are currently running BIND on our RHEL 5.x servers and see
> connection attempts from our internal clients to the BIND on tcp 443. They
> are currently being blocked from connecting to 443 since these servers are only
> DNS. Is there any reason for clients to connect to tcp 443 for any type of
> DNS resolution? Just want to confirm before I dig deeper into this issue.
>
> Thx in advance for any assistance provided.
>
> Mark

If some of your clients use dnssec-trigger for DNSSEC setup
(http://www.nlnetlabs.nl/projects/dnssec-trigger), it can probe your server for
"DNS-over-SSL". Check the dnssec-trigger overview, section "How does it work",
for more details.

Note this doesn't mean you should allow connections to port 443.

Regards, Adam

--
Adam Tkac, Red Hat, Inc.