Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Nameserver behind gateway - ports
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Tue, 5 Feb 2002 18:44:35 +0300 (EAT)
  • Message-id: <Pine.LNX.4.33.0202051841320.15352-100000@xxxxxxxxxxxxxxxxxxx>

> ACk, only an old bind (below v8) is using 53 > 53 by default.
well but what would you know about other resolvers say those that come
with tiny dns or djbdns or whatever or even M$ windows. I am not saying
they do so but it is not good to assume!

> You need to allow nameservice request from 1024 (and above) to 53 by using
> tcp. you do not need to use udp. Still works without udp.

you do. dns only resorts to tcp when the answer is bigger than can be sent
in a UDP packet. The majority of dns requests are UDP requests. Also tcp
is used for the BIND way of doing zone transfers. I am told that djbdns
uses rsync over ssh for zone transfers. I do not know much about that...
as I do not use djbdns.

Noah.


< Previous Next >
This Thread
References