Correct Ports?

Michael Kjorling michael at kjorling.com
Wed Jun 6 18:03:41 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This setup seems reasonable to me - however, what reason do you have
for _not_ allowing incoming DNS packets from privileged ports != 53?

I have still failed to see what harm it could do if a DNS request came
from e.g. the FTP port. After all, it's the destination port (service
in IPv6) that matters, not the source port. That one is just there to
help route incoming reply packets to the correct application.


Michael Kjörling


On Jun 6 2001 13:49 -0400, Peter Billson wrote:

>    Can anyone tell me if there is a good reason to allow connections to
> a local DNS port (53) from remote privileged ports (< 1024)?
>
>    As I understand it *all* DNS is one of:
> local port         remote port
> (53)        <->      (53)
> (1024:65535) ->      (53)
> (53)         <-   (1024:65535)
>
> and there should never be:
> local               remote
> (53)        <-      (1:1023)
> (1:1023)    ->        (53)
>
> pete

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7HnCAKqN7/Ypw4z4RAtGsAJ4qTrSTTFsvlM7MAFOYA0Xs7+a/bgCg5uVN
xAKpdv0TygVGWPPfZOjaL6A=
=8ihz
-----END PGP SIGNATURE-----
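The two positions in the thread, Peter's port matrix and Michael's "the destination port is what matters" rule, can be written down as packet-filter policies and run side by side. The following is an added example and not code from the thread or from BIND; the Packet class, the sample packets and the pending-query table are constructed here for illustration, and "local"/"remote" follow the column labels in Peter's table.

```python
"""Added example, not from the bind-users thread: a toy UDP packet filter
that scores sample DNS packets under the two positions in the thread.

  strict_allows()        Peter's matrix: one port must be 53 and every
                         port must be 53 or unprivileged (> 1023).
  ByDestinationFilter    Michael's rule: an inbound packet to local port 53
                         is a query, whatever its source port; any other
                         inbound packet is accepted only if it answers a
                         query this host recorded on the way out.

The sample packets and the pending-query table are constructed here for
illustration; "local"/"remote" follow the column labels in Peter's table.
"""
from dataclasses import dataclass

DNS_PORT = 53
PRIV_MAX = 1023


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": remote -> local, "out": local -> remote
    local_port: int
    remote_port: int


def strict_allows(pkt: Packet) -> bool:
    """Peter's matrix, applied statelessly to a single packet."""
    ports = (pkt.local_port, pkt.remote_port)
    return DNS_PORT in ports and all(p == DNS_PORT or p > PRIV_MAX for p in ports)


class ByDestinationFilter:
    """The destination port decides what a packet is; the source port is
    only used to match a reply to the query that caused it."""

    def __init__(self) -> None:
        self.pending: set[tuple[int, int]] = set()   # (local, remote) of queries sent

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.remote_port == DNS_PORT:
                # A query we send; remember the port pair so the reply can come back.
                self.pending.add((pkt.local_port, pkt.remote_port))
                return True
            # Otherwise only our own server answering someone else's query.
            return pkt.local_port == DNS_PORT
        # Inbound: a packet addressed to local port 53 is a query, whatever its source port.
        if pkt.local_port == DNS_PORT:
            return True
        key = (pkt.local_port, pkt.remote_port)
        if key in self.pending:
            self.pending.discard(key)   # reply to an outstanding query
            return True
        return False   # unsolicited, even though it claims source port 53


SAMPLE = [
    Packet("in", 53, 21),       # query arriving from the FTP port (Michael's example)
    Packet("in", 53, 40000),    # ordinary query from an ephemeral port
    Packet("out", 33000, 53),   # our resolver asks a remote server
    Packet("in", 33000, 53),    # the matching reply
    Packet("in", 33001, 53),    # unsolicited packet that merely has source port 53
]


def evaluate(packets=SAMPLE):
    """Return (packet, strict_verdict, by_destination_verdict) for each packet in order."""
    f = ByDestinationFilter()
    return [(p, strict_allows(p), f.allows(p)) for p in packets]


if __name__ == "__main__":
    for p, s, d in evaluate():
        print(f"{p.direction:>3} local {p.local_port:>5} remote {p.remote_port:>5}"
              f"  strict={s!s:<5} by_dest={d}")
```

The first sample packet is the case Michael asks about: the strict matrix drops a query just because it came from port 21, while the by-destination filter accepts it. The last packet shows where the two differ the other way: the stateless matrix accepts anything with source port 53 aimed at an unprivileged local port, whereas matching replies to recorded queries, which is all the source port is for in Michael's description, rejects it.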
