Disable TCP/53
Jim Reid
jim at rfc1035.com
Thu Feb 21 02:39:52 UTC 2002
>>>>> "Tan" == Tan Chun Han/ITNOC/PBB/PBBG <tanch at publicbank.com.my> writes:
Tan> Hi, our firewall keeps detecting and rejecting TCP/53
Tan> queries. Does bind by default use TCP/53 and UDP/53?
Yes. So does any name server that complies with the DNS protocol. Read
RFC1035. Here's an excerpt:
4.2. Transport
The Internet supports name server access using TCP [RFC-793] on server
port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
port 53 (decimal).
Tan> Is there any way to disable TCP/53, thus enabling UDP/53?
No. [Not that disabling TCP/53 could somehow automagically enable
UDP/53 anyway.] Name servers are supposed to accept queries on port 53
from both TCP and UDP. That's what the DNS protocol says. Your
firewall is broken. Fix it.
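
An added example, not part of the original message: a small probe that sends the same query to a name server over UDP/53 and TCP/53, so a firewall that drops one transport shows up as a failure on that side. The function names, the default query name and the fixed transaction ID are assumptions made for illustration; the two-byte length prefix on TCP and the TC (truncated) flag come from RFC 1035.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID, chosen for this example only

def build_query(name, qtype=1, txid=TXID):
    """Encode a standard recursive query (RFC 1035 section 4.1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def summarize(reply, txid=TXID):
    """Return (id_matches, is_response, truncated) from a reply header."""
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == txid, bool(flags & 0x8000), bool(flags & 0x0200)

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message arrived")
        buf += chunk
    return buf

def query_udp(server, port, msg, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        return s.recvfrom(4096)[0]

def query_tcp(server, port, msg, timeout=3.0):
    # Over TCP every message is prefixed with a two-byte length field.
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)

def check_transports(server, name="example.com", port=53):
    """Probe both transports; a blocked one is reported as a 'failed: ...' string."""
    msg, results = build_query(name), {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            results[label] = summarize(fn(server, port, msg))
        except (OSError, struct.error) as exc:
            results[label] = "failed: %s" % exc
    return results
```

Calling check_transports() with the address of your own name server returns one entry per transport; a reply with the truncated flag set over UDP is the case where a resolver retries over TCP, which is when a TCP/53 block starts to cause lookup failures.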