Mailinglist Archive: opensuse-security (685 mails)
Re: [suse-security] Nameserver behind gateway - ports
- From: <ksemat@xxxxxxxxxxxxxxx>
- Date: Tue, 5 Feb 2002 18:44:35 +0300 (EAT)
- Message-id: <Pine.LNX.4.33.0202051841320.15352-100000@xxxxxxxxxxxxxxxxxxx>
> ACK, only an old BIND (below v8) is using 53 > 53 by default.

Well, but what would you know about other resolvers, say those that come
with tinydns or djbdns or whatever, or even M$ Windows? I am not saying
they do so, but it is not good to assume!

> You need to allow nameservice requests from 1024 (and above) to 53 by using
> TCP. You do not need to use UDP. Still works without UDP.

You do. DNS only resorts to TCP when the answer is bigger than can be sent
in a UDP packet. The majority of DNS requests are UDP requests. Also, TCP
is used for the BIND way of doing zone transfers. I am told that djbdns
uses rsync over ssh for zone transfers. I do not know much about that...
as I do not use djbdns.

Noah.
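
The UDP-first, TCP-on-truncation behaviour described in the reply above, as an added example that is not part of the original mail: a resolver retries over TCP only when the UDP reply carries the TC (truncated) header bit, which is why a gateway has to pass both protocols to port 53. The function names and sample messages are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)
QR_FLAG = 0x8000  # set on responses, clear on queries


def build_query(qname, qtype=1, txid=0x1234):
    """Encode a recursive query (RD set) for qname; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Return the ID and flags word from the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", msg[:4])
    return txid, flags


def next_transport(query, udp_reply):
    """What a resolver does after a UDP reply: 'done' or 'retry-tcp'."""
    q_id, _ = parse_header(query)
    r_id, r_flags = parse_header(udp_reply)
    if not r_flags & QR_FLAG or r_id != q_id:
        raise ValueError("not a response to this query")
    # TC set: the answer did not fit in the UDP message, ask again over TCP.
    return "retry-tcp" if r_flags & TC_FLAG else "done"


def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg


# Constructed sample messages: same ID and question, only the flags differ.
QUERY = build_query("example.com")
SHORT_REPLY = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:]      # fits in UDP
TRUNCATED_REPLY = QUERY[:2] + struct.pack("!H", 0x8380) + QUERY[4:]  # TC bit set

if __name__ == "__main__":
    for name, reply in (("short", SHORT_REPLY), ("truncated", TRUNCATED_REPLY)):
        print(name, "->", next_transport(QUERY, reply))
```

With UDP blocked at the gateway the first exchange never completes; with TCP blocked the retry after a truncated reply fails, so large answers are lost.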