NEWBIE: which port and protocol to open
Barry Margolin
barmar at genuity.net
Thu May 23 18:25:25 UTC 2002
In article <acjbvg$e6p7$1 at isrv4.isc.org>, Wout Tankink <wout at gmx.net> wrote:
>
>On 23 May 2002 07:52:18 -0700, Barry Margolin <barmar at genuity.net>
>wrote:
>
>>You need to open TCP and UDP port 53. Regular queries usually use UDP, but
>>they can also use TCP. Zone transfers always use TCP.
>
>I think that won't be enough: requests by BIND version 8 and higher
>will use a port above 1023. So it might be necessary to open these
>ports also.

Those aren't incoming requests, they're outgoing queries; if the firewall
automatically allows reply traffic for anything sent out, you don't need to
open a port manually for it.

If it doesn't, a common solution is to use the "query-source" option to
specify a particular source port for recursive queries, and then open this
port (in addition to 53 for incoming requests).
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
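
Added example, not part of the original post or of BIND: a small Python check that reads a named.conf, finds any pinned "query-source" port, and lists the inbound firewall openings the reply above describes for a stateful and a stateless firewall. The sample configuration, port 5353, and the function names are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not from the original post).
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    // pin outgoing recursive queries to one source port
    query-source address * port 5353;
};
"""

# Matches "query-source [address X] port N;" and the -v6 variant.
QUERY_SOURCE_RE = re.compile(
    r"^\s*query-source(?:-v6)?\b[^;]*?\bport\s+(\*|\d+)\s*;", re.MULTILINE)

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)

def fixed_query_port(conf):
    """Return the pinned source port, or None if unset or set to '*'."""
    m = QUERY_SOURCE_RE.search(strip_comments(conf))
    if m is None or m.group(1) == "*":
        return None
    return int(m.group(1))

def firewall_openings(conf, stateful):
    """Inbound rules as (direction, proto, local_port, remote_port, purpose)."""
    rules = [
        ("in", "udp", 53, "any", "incoming queries"),
        ("in", "tcp", 53, "any", "incoming queries over TCP, zone transfers"),
    ]
    if stateful:
        # Replies to outgoing queries are allowed automatically.
        return rules
    port = fixed_query_port(conf)
    if port is None:
        raise ValueError("stateless firewall and no fixed query-source port: "
                         "replies would arrive on varying ports above 1023")
    rules.append(("in", "udp", port, 53, "replies to outgoing queries"))
    return rules

if __name__ == "__main__":
    for stateful in (True, False):
        print("stateful" if stateful else "stateless")
        for rule in firewall_openings(SAMPLE_NAMED_CONF, stateful):
            print("  ", rule)
```

Pinning the source port gives up source-port randomization for outgoing queries, which makes spoofed replies easier to match, so the stateful path is the one to prefer where the firewall supports it.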