zone transfers sticking on one port?

[Barry Margolin]

In article <c3822h$4h5$1 at sf1.isc.org>,
 Chris Fabri <fabric at northwestern.edu> wrote:

> Well, these are UDP connections.  that's a convention, as you've said, i 
> could just hardcode the port.  which is certainly an available 
> solution.  We've exempted our nameservers from the block, which is the best 
> solution.  But I'm curious as to what is actually going on here.

Another good solution is to use a stateful firewall.  When it sees an 
outgoing query packet, it automatically allows the replies back in.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***