[ https://issues.apache.org/jira/browse/CLOUDSTACK-9552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15594049#comment-15594049 ]
ASF GitHub Bot commented on CLOUDSTACK-9552: -------------------------------------------- Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1713 @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests > KVM Security Groups do not allow DNS over TCP egress > ---------------------------------------------------- > > Key: CLOUDSTACK-9552 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9552 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM > Affects Versions: 4.8.0, 4.9.0 > Environment: KVM Basic Networking > Reporter: Wido den Hollander > Assignee: Wido den Hollander > Labels: dns, dnssec, security-groups > Fix For: Future > > > When egress filtering is configured all outbound traffic is blocked unless > configured otherwise. > With the exception that UDP/53 DNS is allowed implicitly by the Security > Groups. > Many DNS responses are larger then 4k, with DNSSEC for example and require > TCP to be allowed. > The Security Groups should also allow TCP/53 when egress filtering is > configured. -- This message was sent by Atlassian JIRA (v6.3.4#6332)