I added NAT on my router to open up port 53. Is that what you are
referencing?
On 2014-12-07 23:28, Michael Butash wrote:
You'll want to allow tcp/53 if doing any sort of public dns - anything
greater than 1500 bytes (ie most domain-keys//spf records), and also
any anomaly mitigation gear (the things that keep 400gb DDoS at bay)
use that to figure our if you're real or not. Blocking tcp for dns is
not a good idea as a whole, it's just RFC-compliant behavior things
expect.
-mb
On 12/07/2014 09:17 PM, der.hans wrote:
BTW, also firewall TCP port 53 to only allow connections from your
slaves
unless you're certain you really want it open.
ciao,
der.hans
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
