Ports on secondary DNS
jose.a.campos at exxonmobil.com
jose.a.campos at exxonmobil.com
Sun Dec 1 01:55:41 UTC 2002
You need port 53 (UDP and TCP) open. Queries use UDP 53 and zone transfers
use TCP 53.
----- Forwarded by Jose A Campos/Houston/ExxonMobil on 11/30/02 07:54 PM
-----
Bob Lockie
<bjlockie at lockie.c To:
a> cc: bind-users at isc.org
Sent by: Subject: Re: Ports on secondary DNS
bind-users-bounce@
isc.org
11/27/02 06:18 PM
Michael AIG wrote:
>Hi,
>
>I want to set up secondary DNS in different network.
>The problem is by default they close all the ports (incoming and
outcoming).
>May I know which ports should I ask to be opened to allow public to access
>the DNS server? I mean the source and destination ports for both client
and
>server. And how about the ports for the zone transfer from primary to
>secondary?
>
Did you try a search on the web?
I found this in my search:
"Old versions of BIND made DNS resolution queries by attaching to port
53 of the remote nameserver and receiving replies back on port 53 as
well. The new software connects to port 53, but the back-channel for
data is designated as a random channel at port 1023 /*or higher*/. This
presents a problem for sites that are filtering UDP traffic on port 1023
or higher.".
"You do not need to open up ports 1023 and higher for all machines on
your network; only the nameservers. Most, if not all, firewall products
will allow the selection of specific ports to be opened for specific
machines.".
I don't know which ports are used for zone tranfers but I assume it is
the same.
--
----------------------------------------
Sent from Mozilla and GNU/Linux
More information about the bind-users
mailing list