Is port 53 required for both incoming and outgoing

Barry Margolin barry.margolin at level3.com
Fri Nov 7 19:11:01 UTC 2003


In article <bogqab$21qo$1 at sf1.isc.org>, Eric Smith  <es at fruitcom.com> wrote:
>We have a primary NS on a network which has port 53 open for
>outgoing traffic only tcp and udp - not incoming traffic.
>
>Is it still possible to run bind on this machine which is the
>primary NS for a domain?

By "primary NS", do you mean it's the master server for some zones?  If so,
the slaves will connect to its port 53.  If it's an advertised server as
well (i.e. it's listed in the NS records in the zone and/or the delegation
records in the parent zone) then caching servers will also need to connect
to its port 53.  You need to allow incoming traffic to port 53 so that it
can answer all these queries.

If it's a caching-only server, only outbound port 53 is necessary.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
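
An added example, not part of the original post: a Python check, run from a host outside the firewall, that a master or advertised server answers an SOA query on its port 53 over both UDP and TCP. The address 192.0.2.53 and the zone example.com are placeholders, and the function names are this example's own.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """Encode a minimal DNS query for the zone's SOA record (RD bit clear)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def is_reply_to(query, reply):
    """True if reply carries the query's ID and has the QR (response) bit set."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe_udp(server, zone, port=53, timeout=3.0):
    query = build_soa_query(zone)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, port))  # only accept replies from this peer
            s.send(query)
            return is_reply_to(query, s.recv(4096))
    except OSError:  # timeout or ICMP unreachable: inbound udp/53 is blocked
        return False

def probe_tcp(server, zone, port=53, timeout=3.0):
    query = build_soa_query(zone)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return is_reply_to(query, _recv_exact(s, length))
    except (OSError, struct.error):  # refused, timed out, or closed early
        return False

if __name__ == "__main__":
    for name, probe in (("udp", probe_udp), ("tcp", probe_tcp)):
        ok = probe("192.0.2.53", "example.com")  # placeholder server and zone
        print(f"inbound {name}/53:", "answered" if ok else "no answer")
```
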

