On Thu, Oct 10, 2002 at 10:59:58AM +1000, Howard Lowndes wrote:
: I asked the other day whether udp 53 -> 53 was kosher, and basically it's
: not but apparently some lazy sysadmins try to save on ports.

Of course it's kosher. I usually set my DNS servers to query from port 53.
DNS clients could query from anywhere, but if you're firewalling things, you
might want to ensure your clients ask *your* servers, rather than asking
anyone else's. This was much more common before split servers. Have you a
better way to distinguish them?

: Now I am seeing this from ozemail:
:
: Oct 10 10:44:59 gw kernel: FIREWALL FWD pkt dropped:IN=ppp1 OUT=eth2
: SRC=203.2.192.108 DST=192.168.254.17 LEN=73 TOS=0x00 PREC=0x00 TTL=240
: ID=28977 DF PROTO=UDP SPT=24 DPT=53 LEN=53
:
: According to RFC1700:
:
: 24/tcp any private mail system
: 24/udp any private mail system
: # Rick Adam <[EMAIL PROTECTED]>
:
: It's interesting that the person who applied for this assignment is from
: uu.net, or am I being too paranoid?

It looks to me as if their machine is asking your DNS a question. The source
port is irrelevant. Mail is unlikely to travel over UDP, but IANA (almost?)
always allocated ports in such TCP/UDP pairs, even if you didn't actually want
to use the partner.

The DST suggests their packet got NATted inbound, and was therefore either a
reply to one of your packets, or was explicitly redirected by your firewall
because of the DPT.

-- 
Christopher Vance

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
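The reasoning in the reply above (DPT=53 over UDP is a query to your server whatever the source port, SPT=53 marks a reply or a server-to-server exchange, and a private DST on a packet that arrived on the outside interface means the firewall already rewrote it) can be turned into a small classifier for netfilter LOG lines. This is an added example and not code from the thread or from either poster; it assumes ppp1 is the external interface and that 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 are the only local ranges. The first sample line is the one quoted in the message; the other two are constructed here.

```python
"""Classify netfilter/iptables LOG lines by DNS role and inbound NAT."""
import ipaddress
import re

# Sample log lines. The first is the line quoted in the message above; the
# other two are constructed for this example and are not from the thread.
SAMPLE_LINES = [
    "Oct 10 10:44:59 gw kernel: FIREWALL FWD pkt dropped:IN=ppp1 OUT=eth2 "
    "SRC=203.2.192.108 DST=192.168.254.17 LEN=73 TOS=0x00 PREC=0x00 TTL=240 "
    "ID=28977 DF PROTO=UDP SPT=24 DPT=53 LEN=53",
    # constructed: our own resolver querying an outside server from port 53
    "Oct 10 10:45:01 gw kernel: FIREWALL FWD pkt accepted:IN=eth2 OUT=ppp1 "
    "SRC=192.168.254.17 DST=198.51.100.5 LEN=61 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=4242 DF PROTO=UDP SPT=53 DPT=53 LEN=41",
    # constructed: an answer coming back to an ephemeral client port
    "Oct 10 10:45:02 gw kernel: FIREWALL FWD pkt accepted:IN=ppp1 OUT=eth2 "
    "SRC=198.51.100.5 DST=192.168.254.17 LEN=120 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=7 PROTO=UDP SPT=53 DPT=32769 LEN=100",
]

# Assumed topology (not stated in the thread): ppp1 faces the Internet and
# these are the only address ranges used inside.
EXTERNAL_IFACES = ("ppp1",)
LOCAL_NETS = tuple(
    ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")
)

# KEY=value tokens as written by the netfilter LOG target; bare flags such as
# "DF" have no "=value" part.
_FIELD_RE = re.compile(r"\b([A-Z]+)(?:=(\S+))?")


def parse_netfilter_line(line):
    """Return a dict of the packet fields that follow the free-text log prefix.

    Flags without a value (e.g. DF) map to True. LEN appears twice on a UDP
    line (IP total length, then UDP length); the first occurrence is kept.
    """
    start = line.find("IN=")
    if start < 0:
        raise ValueError("not a netfilter LOG line: %r" % line)
    fields = {}
    for key, value in _FIELD_RE.findall(line[start:]):
        fields.setdefault(key, value if value else True)
    return fields


def assess(line, local_nets=LOCAL_NETS, external_ifaces=EXTERNAL_IFACES):
    """Classify one log line.

    role: 'query-to-dns-server' (DPT=53, source port ignored), 'server-to-server'
    (53 -> 53), 'reply-from-dns-server' (SPT=53) or 'not-dns'.
    natted_inbound: True when the packet came in on an external interface but
    already carries a local DST, i.e. the firewall rewrote it (port redirect
    or conntrack reverse-NAT of an earlier outbound packet).
    """
    f = parse_netfilter_line(line)
    result = {"proto": f.get("PROTO"), "role": "not-dns", "natted_inbound": False}
    if f.get("PROTO") == "UDP":
        spt, dpt = int(f["SPT"]), int(f["DPT"])
        if spt == 53 and dpt == 53:
            result["role"] = "server-to-server"
        elif dpt == 53:
            result["role"] = "query-to-dns-server"
        elif spt == 53:
            result["role"] = "reply-from-dns-server"
    dst = ipaddress.ip_address(f["DST"])
    dst_local = any(dst in net for net in local_nets)
    result["natted_inbound"] = f.get("IN") in external_ifaces and dst_local
    return result


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        fields = parse_netfilter_line(sample)
        verdict = assess(sample)
        print("%s:%s -> %s:%s  %s  natted_inbound=%s" % (
            fields["SRC"], fields["SPT"], fields["DST"], fields["DPT"],
            verdict["role"], verdict["natted_inbound"]))
```

Run against the quoted line, the packet is reported as a query to the DNS server at 192.168.254.17 that reached the forward chain only after being rewritten inbound, which is the same conclusion the reply draws; the port-24 source is never consulted. Adjust EXTERNAL_IFACES and LOCAL_NETS to match the actual gateway before using this on real logs.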
