Home page logo

basics logo Security Basics mailing list archives

RE: Securing DNS Server
From: "Daniel Miessler" <danielrm26 () hotmail com>
Date: Mon, 4 Nov 2002 23:25:51 -0500

But it turned out that when our DNS Server has to query a root name
server, it sends out a UDP query with a random higher (>1023) source
port number, which means that I will have to open >1023 Ports access
this server from outside.

You don't have to open ports on your firewall that correspond with the
source port number of your outgoing traffic.  You can make any DNS
queries without opening ports; you only need to open ports to OFFER
service, not to request it.  And even then, it is only going to be UDP
(and possibly TCP) port 53.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]