ecting to remote DNS on non standard port?
>
> So where i need to now look?
>
> Regards
> Papdheen M
>
>
>
> From: Matus UHLAR - fantomas
> To: bind-users@lists.isc.org
> Sent: Monday, 25 March 2013 7:46 PM
> Subject: Re: Suspecious DNS traffic
>
>
hy my DNS server is initiating the connection to remote
>> DNS server on non standard destination Port?
>>
>> Regards Babu
>>
>>
>>
>> *From:* Vernon Schryver *To:*
>> bind-users@lists.isc.org *Sent:* Monday, 25 March 2013 8:40 PM
>> *Sub
rd destination port is getting blocked?
>
> Not sure why my DNS server is initiating the connection to remote
> DNS server on non standard destination Port?
>
> Regards Babu
>
>
>
> *From:* Vernon Schryver *To:*
> bind-users@lists.isc.org *Sent:* Monday, 25 March
te DNS server
> on non standard destination port?
>
> Regards Babu
>
>
> *From:* "wbr...@e1b.org" *To:* babu dheen
> *Cc:* "bind-users@lists.isc.org"
> *Sent:* Monday, 25 March 2013 7:48 PM
> *Subject:* Re: Suspecious DNS traffic
>
> babu
___
> From: "wbr...@e1b.org"
> To: babu dheen
> Cc: "bind-users@lists.isc.org"
> Sent: Monday, 25 March 2013 7:48 PM
> Subject: Re: Suspecious DNS traffic
>
> babu dheen wrote on 03/25/2013 12:21:30 PM:
>
> > Still not convinced
o remote DNS server
on non standard destination Port?
Regards
Babu
From: Vernon Schryver
To: bind-users@lists.isc.org
Sent: Monday, 25 March 2013 8:40 PM
Subject: Re: Suspecious DNS traffic
> > Still not convinced because if i need to allow &g
quot;bind-users@lists.isc.org"
Sent: Monday, 25 March 2013 7:48 PM
Subject: Re: Suspecious DNS traffic
babu dheen wrote on 03/25/2013 12:21:30 PM:
> Still not convinced because if i need to allow >1024 port from our
> DNS server to external world(internet).. where is the security?
Sent: Monday, 25 March 2013 7:46 PM
Subject: Re: Suspecious DNS traffic
On 26.03.13 00:21, babu dheen wrote:
>Hi Matus,
please, skip personal replies. this is mailing listand issued should be
discussed here.
>Still not convinced because if i need to allow >1024 port from our DNS
&g
> > Still not convinced because if i need to allow >1024 port from our
> > DNS server to external world(internet).. where is the security?
Every UDP and TCP packet has two port numbers, the source port and
the destination port. When a resolver sends a request to a distant
DNS authority, it send
babu dheen wrote on 03/25/2013 12:21:30 PM:
> Still not convinced because if i need to allow >1024 port from our
> DNS server to external world(internet).. where is the security?
Total security requires total isolation. It is a matter of accepting some
risks to perform the needed task.
> I
On 26.03.13 00:21, babu dheen wrote:
Hi Matus,
please, skip personal replies. this is mailing listand issued should be
discussed here.
Still not convinced because if i need to allow >1024 port from our DNS
server to external world(internet).. where is the security?
If you have statefull f
On 25 Mar 2013, at 16:21, babu dheen wrote:
> Still not convinced because if i need to allow >1024 port from our DNS
> server to external world(internet).. where is the security?
>
> I beleive we just need to allow TCP and UDP 53 from our DNS server to
> internet(any) which is already done. N
---
> *From:* Matus UHLAR - fantomas
> *To:* bind-users@lists.isc.org
> *Sent:* Monday, 25 March 2013 3:30 PM
> *Subject:* Re: Suspecious DNS traffic
>
> On 25.03.13 16:59, babu dheen wrote:
>> I am able to query one of the PTR rec
ard
port from our DNS server to internet?
Kindly provide some details.
Regards
Babu
From: Matus UHLAR - fantomas
To: bind-users@lists.isc.org
Sent: Monday, 25 March 2013 3:30 PM
Subject: Re: Suspecious DNS traffic
On 25.03.13 16:59, babu dheen wrote:
>
On 25.03.13 16:59, babu dheen wrote:
I am able to query one of the PTR record available in my company BIND
caching DNS server from internet(ANY IP address) successfully. As per
your statement, If I am denying the response, how could I get response
successfully?
you must allow the packets from
Andrews
To: babu dheen
Cc: "bind-users@lists.isc.org"
Sent: Monday, 25 March 2013 12:33 AM
Subject: Re: Suspecious DNS traffic
In message <1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com>, babu d
heen writes:
>
> Dear,
>
> We have Caching DNS s
In message <1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com>, babu d
heen writes:
>
> Dear,
>
> We have Caching DNS server and certain PTR record(reverse entry
> verification purpose) only is allowed from internet. But I am observing
> suspicious DNS traffic from my BIND caching DNS
Dear,
We have Caching DNS server and certain PTR record(reverse entry verification
purpose) only is allowed from internet. But I am observing suspicious DNS
traffic from my BIND caching DNS server towards
67.215.80.15,67.215.80.13,207.192.69.4,67.227.239.85 IP address on destination
port 1033
18 matches
Mail list logo