I've a Nameserver behind my ipchains-firewall and the log says something about incoming connections to port 53 from port 53. What kind of Nameserver-service is that? I've searched, but found nothing concerning this connections.
It could just be a nameserver querying your nameserver while the source port to use has been configured to 53. This isn't usually the case, but some admin just might have thought that it is a good idea. I wouldn't do it because it obfuscates the logs.
O.K., if I'm on the right trip, udp requests are not bad and its no real hole if i allow them.
If it's tcp and not udp, then someone might have tried to get zone files from you. Then it is interesting, _who_ did that, with which reason.
whats so bad about other people can accessing my zone files? I thought the should do this in order to resolve the Hostname... Or is there only a risk when you have 'internal' zone files on this NS (that's not the case...)? Thanks for help. Max