A good rule of thumb is to only permit return from bind servers on udp > 1023.
piranha....
>From: Devdas Bhagat <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "Tony Rall" <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: Which port(s) to allow through for DNS server
>Date: Fri, 13 Apr 2001 10:24:30 +0530
>
>On Fri, 13 Apr 2001, Tony Rall spewed into the ether:
>
> > And, of course, you must allow the response traffic back out - source port
> > 53 on your nameserver, any destination port.
>Wouldn't that be from a high port to a high port? AFAIK, named binds
>to a high port in order to reply, so replies should be from that port.
>
>Devdas Bhagat
>--
>Before I knew the best part of my life had come, it had gone.
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
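
An added example (not part of the original messages): a stateless, first-match filter model comparing the two outbound rules discussed in this thread, source port 53 to any destination port versus source port 53 to destination ports above 1023. The addresses, packet tuples, rule names and the peer resolver that sends queries from source port 53 are constructed assumptions.

```python
from collections import namedtuple

# Constructed addresses (documentation ranges); NS is the protected nameserver.
NS = "192.0.2.53"
Packet = namedtuple("Packet", "src sport dst dport")
Rule = namedtuple("Rule", "name match")


def allowed(rules, pkt):
    """Stateless first-match UDP filter, default deny. Returns rule name or None."""
    for rule in rules:
        if rule.match(pkt):
            return rule.name
    return None


# Inbound: queries to the nameserver's UDP port 53 from any source port.
IN_QUERY = Rule("in-query", lambda p: p.dst == NS and p.dport == 53)
# Outbound variant A (quoted message): source port 53, any destination port.
OUT_ANY = Rule("out-any", lambda p: p.src == NS and p.sport == 53)
# Outbound variant B (top reply): source port 53, destination port > 1023 only.
OUT_HIGH = Rule("out-high",
                lambda p: p.src == NS and p.sport == 53 and p.dport > 1023)


def reply_to(query):
    """A UDP DNS reply mirrors the query's address/port tuple."""
    return Packet(query.dst, query.dport, query.src, query.sport)


# Constructed traffic: a client querying from an ephemeral port, and a peer
# resolver assumed to be configured to send its queries from source port 53.
client_q = Packet("198.51.100.10", 40123, NS, 53)
peer_q = Packet("203.0.113.5", 53, NS, 53)


def verdicts(out_rule):
    """Which replies leave the network when out_rule is the outbound rule."""
    rules = [IN_QUERY, out_rule]
    return {name: allowed(rules, reply_to(q)) is not None
            for name, q in (("client", client_q), ("peer", peer_q))}


if __name__ == "__main__":
    for rule in (OUT_ANY, OUT_HIGH):
        print(rule.name, verdicts(rule))
```

Under variant B the reply to the peer resolver is dropped, so that rule only works if no legitimate querier uses a source port at or below 1023.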