hf@wenglor.de wrote:
Is it necessary to also open the lower port 53 from the source addr. to the DNS server port 53, or should I reject connections that use a port addr. lower than 1023 as source port?

Hello,

AFAIK the clients always ask _their_ nameservers for the addresses. The nameservers in turn try to resolve the addresses recursively and give the final result back to the client. So actually there are other nameservers querying your nameserver for the addresses, and the other nameservers use port 53 too. There is an option of using higher ports for newer BIND implementations, I think, but trying to convince the rest of the internet that all would be better if all were using those unprivileged ports may be a little bit difficult ;-)

Greetings
Roland