Hi Matus,
Still not convinced because if i need to allow >1024 port from our DNS server
to external world(internet).. where is the security?
I beleive we just need to allow TCP and UDP 53 from our DNS server to
internet(any) which is already done. Not sure why we have to open non standard
port from our DNS server to internet?
Kindly provide some details.
Regards
Babu
________________________________
From: Matus UHLAR - fantomas <uh...@fantomas.sk>
To: bind-users@lists.isc.org
Sent: Monday, 25 March 2013 3:30 PM
Subject: Re: Suspecious DNS traffic
On 25.03.13 16:59, babu dheen wrote:
> I am able to query one of the PTR record available in my company BIND
> caching DNS server from internet(ANY IP address) successfully. As per
> your statement, If I am denying the response, how could I get response
> successfully?
you must allow the packets from TCP+UDP port 53 coming to any >=1024 port on
your nameserver.
-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users