mailing list archives
Securing DNS Server
From: "Naman Latif" <naman.latif () inamed com>
Date: Fri, 1 Nov 2002 16:31:14 -0800
I am trying to restrict Access to our DNS Server from Outside using a
Cisco IOS Firewall. Initially we only had Port 53 Access to this Server
But it turned out that when our DNS Server has to query a root name
server, it sends out a UDP query with a random higher (>1023) source
port number, which means that I will have to open >1023 Ports access to
this server from outside.
In this situtation How do I protect my DNS server from outside attacks
on higher port numbers ?
Is there a range of Source Port numbers that a BIND DNS server would
use, when querying outside servers ?
- Securing DNS Server Naman Latif (Nov 04)