Weird results - firewall bind8

Jim Reid jim at rfc1035.com
Thu Apr 12 14:58:36 UTC 2001


>>>>> "Tonino" == TAG  <tag at xsinet.co.za> writes:


    Tonino> I am getting a weird "error" from my firewall ...

    Tonino> OK - I am using GNATbox as a firewall and the logs look
    Tonino> like this :

    Tonino> IP PACKET: UDP [tertiary DNS/53]-->[secondary DNS/21167]
    Tonino> [tertiary DNS/53]-->[secondary DNS/21167]

    Tonino> Why are they not doing requests on port 53??

These are not requests. They are answers from your name server. You
have no control over the source address or port numbers that the rest
of the world will use to query your name servers. Your firewall has to
let everything in that's going to port 53 of your servers and let
anything out that's coming from port 53 of those servers.

When your name servers make a DNS query, they will use a random,
unprivileged port by default. So you have to let anything out that's
going from your servers to port 53 outside. The replies will come from
port 53 to some random port on your servers so you have to allow those
packets in too. This is really just the same traffic pattern as above
except that the client and server are the other way round: you're
querying them instead of them querying you.

You probably should just let all UDP/TCP traffic through provided the
source or destination port is 53 so the DNS will work. If you're
paranoid, you could restrict that to the IP addresses of your servers
so only they can make/get queries and get/send replies from the
outside.
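As an added example (not part of the original mail), a small Python model of the rule Jim describes: allow UDP/TCP traffic when one side is port 53, optionally requiring that one endpoint be one of your own name servers. The addresses are constructed placeholders; the port 21167 is the one from Tonino's log line.

```python
# Added example: a model of the port-53 firewall rule from the reply, with
# the optional restriction to our own name servers. Addresses are
# constructed (RFC 5737 documentation ranges), not taken from the thread.
from dataclasses import dataclass
from typing import FrozenSet, Optional

DNS_PORT = 53

@dataclass(frozen=True)
class Packet:
    proto: str  # "udp" or "tcp"; anything else is not DNS traffic
    src: str
    sport: int
    dst: str
    dport: int

def classify(pkt: Packet, name_servers: FrozenSet[str]) -> str:
    """Name the role of a packet under the 'paranoid' rule: port 53 on one
    side and one of our name servers on one side. Returns 'deny' otherwise.
    When both endpoints are our servers, the first matching label wins."""
    if pkt.proto not in ("udp", "tcp"):
        return "deny"
    src_ours, dst_ours = pkt.src in name_servers, pkt.dst in name_servers
    if pkt.dport == DNS_PORT and dst_ours:
        return "inbound query"    # world:any -> our server:53
    if pkt.dport == DNS_PORT and src_ours:
        return "outbound query"   # our server:random -> remote:53
    if pkt.sport == DNS_PORT and src_ours:
        return "outbound reply"   # our server:53 -> world:any
    if pkt.sport == DNS_PORT and dst_ours:
        return "inbound reply"    # remote:53 -> our server:random (the logged packet)
    return "deny"

def allowed(pkt: Packet, name_servers: Optional[FrozenSet[str]] = None) -> bool:
    """Permissive rule (name_servers=None): any UDP/TCP with port 53 on either
    side. Restricted rule: one endpoint must also be one of our servers.
    Both are stateless: a genuine reply cannot be told from any other packet
    that merely carries source port 53, which is why tracking the outbound
    query and admitting only its matching reply is the stronger control."""
    if pkt.proto not in ("udp", "tcp") or DNS_PORT not in (pkt.sport, pkt.dport):
        return False
    return True if name_servers is None else classify(pkt, name_servers) != "deny"

# Constructed sample: our secondary at 192.0.2.2 queried a remote server at
# 198.51.100.10 from port 21167; this is the answer coming back.
OUR_SERVERS = frozenset({"192.0.2.2"})
LOGGED_REPLY = Packet("udp", "198.51.100.10", 53, "192.0.2.2", 21167)

if __name__ == "__main__":
    print(classify(LOGGED_REPLY, OUR_SERVERS), allowed(LOGGED_REPLY, OUR_SERVERS))
```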

