On Fri, Apr 13, 2001 at 10:24:30AM +0530, Devdas Bhagat wrote:
> > And, of course, you must allow the response traffic back out - source port
> > 53 on your nameserver, any destination port.
> Wouldn't that be from a high port ot a high port? AFAIK, named binds
> to a high port in order to reply, so replies should be from that port.
No, from port 53 to any port as he suggested.
The replies must come from the same port to which the query was sent, or
they will be ignored by the client.
Similarly some versions of BIND (or some so-configured current versions)
will send queries _from_ port 53 (_to_ 53 of course) so you would still
want to allow responses to any ports on the clients.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
