Greeting all, 

I saw a firewall setup which protects their DNS server by only allowing
source port 53 to do recursive queries to their DNS server. 

For example, if I disable my source port option equal to 53 in BIND 8.2, I
cannot connect to their DNS server, because my DNS server is not using port
53. However, if I enable the source port option equal to 53, my DNS server
can connect to their DNS server. I've used traceroute to figure this out.

This might bring us to another question: could this be a problem if the
setup of the firewall rules only allows source port 53 to connect to the DNS
port (port 53)? What I can see is that this is similar to the source port
vulnerability in the ftp problem. Agree? 

Any suggestions?

Regards,

== Yen Jet ==

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Chan: "The bad news is, the Y2K bug will make all of our computers
       think it's the year 1900. The good news is, that gives us 
       an extra 100 years to fix the problem!"

============================8<=======================================


On Mon, 5 Jul 1999, Vanja Hrustic wrote:

> Date: Mon, 05 Jul 1999 20:06:39 +0700
> From: Vanja Hrustic <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DNS
> 
> Small & silly problem.
> 
> Intranet ==> DNS ==> Internet
> 
> In this case, DNS is the machine that has assigned 'normal' IP address
> (visible/accessible from Internet), and is used to resolve Internet
> addresses for Intranet users.
> 
> The question.
> 
> Is there any reason why a DNS server should accept connections at port 53
> (tcp and/or udp) from the 'outer' world? As much as I can understand, there
> is no need. But... I ask, just to make sure :)
> 
> Thanks.
> 
> Vanja
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

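Both questions in this thread (the source-port-53 rule Yen Jet describes, and Vanja's question whether a resolver needs inbound port 53 at all) can be illustrated with a small packet-filter model. This is an added example, not code from either poster: the addresses and packets are constructed, and `StatefulFilter` is a simplified stand-in for a firewall's reply tracking, not a real product. The stateless rule reproduces the observation in the post (the remote resolver must pin its query port to 53 to get in) and, like an ftp data-port rule, it admits anyone who simply chooses source port 53; tracking the host's own outbound queries admits only the answers to them.

```python
from dataclasses import dataclass

DNS_HOST = "192.0.2.53"  # constructed address of the protected DNS server

@dataclass(frozen=True)
class Packet:
    proto: str     # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True: Internet -> DNS host, False: DNS host -> Internet

def weak_filter(pkt: Packet) -> bool:
    """Stateless rule from the post: anything with source port 53 may reach port 53."""
    if not pkt.inbound:
        return True
    return pkt.dst == DNS_HOST and pkt.sport == 53 and pkt.dport == 53

class StatefulFilter:
    """Inbound port-53 traffic is allowed only as the answer to a query the host sent."""

    def __init__(self) -> None:
        self.pending = set()  # (proto, remote ip, remote port, local port)

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            self.pending.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
            return True
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dport)
        if key not in self.pending:
            return False  # unsolicited, whatever source port the sender picked
        if pkt.proto == "udp":
            self.pending.discard(key)  # one answer per UDP query
        return True

def demo() -> dict:
    """Runs constructed packets through both filters: {case: (weak, stateful)}."""
    stateful = StatefulFilter()
    cases = [
        ("outside resolver, ephemeral port", Packet("udp", "198.51.100.7", 1053, DNS_HOST, 53, True)),
        ("our query, pinned to port 53", Packet("udp", DNS_HOST, 53, "198.51.100.7", 53, False)),
        ("answer to pinned query", Packet("udp", "198.51.100.7", 53, DNS_HOST, 53, True)),
        ("our query, ephemeral port", Packet("udp", DNS_HOST, 1053, "198.51.100.7", 53, False)),
        ("answer to ephemeral query", Packet("udp", "198.51.100.7", 53, DNS_HOST, 1053, True)),
        ("unsolicited, source port 53", Packet("udp", "203.0.113.9", 53, DNS_HOST, 53, True)),
    ]
    return {name: (weak_filter(p), stateful.allow(p)) for name, p in cases}
```

The "answer to ephemeral query" case shows the side effect Yen Jet ran into: the stateless rule also breaks the protected host's own lookups unless it pins its query-source port to 53, while reply tracking does not care which port was used.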
