On Wed, Feb 05, 2003 at 12:52:37PM +0000, Darren Birkett wrote:

> My question is - should I open UDP port 53 or TCP port 53?
Yes. Both.

There is a myth/misunderstanding that BIND only uses TCP for "zone transfers" and so TCP/53 is commonly blocked. In actuality, if the DNS reply is bigger than the payload size of a UDP packet then BIND will use TCP/53 to transfer the reply.

Unfortunately it is common that TCP/53 is blocked due to the myth/misunderstanding, so you may not gain much by having the port open due to the widespread nature of the misconfiguration.

--
Brett Lymn
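As an added illustration of the behaviour Brett describes (this is example code, not anything from the list thread): a client sends the query over UDP/53, inspects the TC (truncated) bit in the reply header, and only then re-sends the same query over TCP/53 with the 2-byte length prefix DNS-over-TCP requires. The server address and query name in `resolve()` are assumptions; the truncated reply used for the offline check is constructed inline.

```python
import socket
import struct

DNS_UDP_MAX = 512  # classic UDP payload limit without EDNS0 (RFC 1035)
FLAG_TC = 0x0200   # "truncated" bit in the 16-bit flags word

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query with RD set; qtype 1 = A, class 1 = IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(reply: bytes) -> bool:
    """True when the server set TC, i.e. the answer did not fit in UDP."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & FLAG_TC)

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a big-endian 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def make_truncated_reply(query: bytes) -> bytes:
    """Constructed sample reply: same id and question, flags QR|TC|RD|RA."""
    return query[:2] + struct.pack("!HHHHH", 0x8380, 1, 0, 0, 0) + query[12:]

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP/53 closed before full reply")
        buf += chunk
    return buf

def resolve(name: str, server: str, timeout: float = 2.0) -> bytes:
    """Network path (assumed server address): UDP first, TCP/53 only on TC."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(q, (server, 53))
        reply, _ = u.recvfrom(DNS_UDP_MAX)
    if not is_truncated(reply):
        return reply
    # Reply was truncated: this is the case where a blocked TCP/53 bites.
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(frame_for_tcp(q))
        length = struct.unpack("!H", _recv_exact(t, 2))[0]
        return _recv_exact(t, length)
```

If TCP/53 is filtered, the `create_connection` call in the truncated case times out and the resolver never sees the full answer, which is the failure mode the message above warns about.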
