firewalling
Kevin Darcy
kcd at daimlerchrysler.com
Wed Aug 25 02:40:51 UTC 2004
thedlw wrote:
>Can someone point me to a website or whatever as to what ports I need to
>open on a firewall to make my caching DNS server work? (It doesn't work
>if I don't make it a DMZ.)
>thedlw at comcast.net
>
OUTBOUND (queries): Source (any unprivileged port) to destination port
53, UDP and TCP
INBOUND (responses): Source port 53 to destination (any unprivileged
port), UDP and TCP
If you have stateful-inspection capability, the "any unprivileged port"
port on the response should match the "any unprivileged port" on a
recently-issued query.
I'm assuming default configuration of a relatively-recent BIND instance
here. If your query-source is set to port 53, or you're running BIND 4,
then you'll need to open port 53 as a query source port and response
destination port.
- Kevin
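
Added example, not part of Kevin's message: a small Python model of the rules above, comparing the static INBOUND rule with the stateful match against a recently issued query. The class and function names, the 30-second state timeout and the sample addresses are assumptions made for illustration, and TCP is matched per query rather than per connection.

```python
from dataclasses import dataclass

DNS = 53
UNPRIV = range(1024, 65536)  # "any unprivileged port"
STATE_TTL = 30  # seconds a query stays "recent" (assumed value)

@dataclass(frozen=True)
class Packet:  # addresses used with it below are constructed samples
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def local_port_ok(port, query_source_53):
    # Default BIND: unprivileged port. query-source port 53 / BIND 4: also 53.
    return port in UNPRIV or (query_source_53 and port == DNS)

def stateless_inbound(p, query_source_53=False):
    """Static INBOUND rule: source port 53 to an allowed local port."""
    return (p.proto in ("udp", "tcp") and p.src_port == DNS
            and local_port_ok(p.dst_port, query_source_53))

class StatefulFilter:
    """Hypothetical model: a response must match a recently issued query."""
    def __init__(self, query_source_53=False):
        self.qs53 = query_source_53
        self.flows = {}  # (proto, local ip, local port, remote ip) -> query time

    def outbound(self, p, now):
        ok = (p.proto in ("udp", "tcp") and p.dst_port == DNS
              and local_port_ok(p.src_port, self.qs53))
        if ok:
            self.flows[(p.proto, p.src_ip, p.src_port, p.dst_ip)] = now
        return ok

    def inbound(self, p, now):
        sent = self.flows.get((p.proto, p.dst_ip, p.dst_port, p.src_ip))
        return (stateless_inbound(p, self.qs53)
                and sent is not None and now - sent <= STATE_TTL)

if __name__ == "__main__":
    fw = StatefulFilter()
    fw.outbound(Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53), now=0)
    reply = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000)
    stray = Packet("udp", "203.0.113.9", 53, "192.0.2.10", 40001)
    print(stateless_inbound(reply), fw.inbound(reply, now=1))
    print(stateless_inbound(stray), fw.inbound(stray, now=1))
```

The static rule accepts both inbound packets because it checks only the ports; the stateful filter accepts only the one that answers the recorded query.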