Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Nameserver behind gateway - ports
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Tue, 5 Feb 2002 18:41:28 +0300 (EAT)
  • Message-id: <Pine.LNX.4.33.0202051839240.15352-100000@xxxxxxxxxxxxxxxxxxx>

> Request: client above 1023 -> server (named) port 53 UDP
>
> Response: server port 53 -> client port request was sent from UDP
>
> name server to name server: 53 -> 53 53 <- 53 UDP
>
> Everything in my gateway is logged (if a rule doesn't match) and I have
> many requests from clients using a UDP port smaller than 1024 for
> connections to port 53! Sometimes reserved ports are used:

You're assuming that all the machines connecting to your DNS server will
follow the Unix conventions of reserved ports. You should not worry about
which ports the connecting clients are coming from but rather simply allow
requests to UDP 53 from all ports. Not every request is going to come from
an RFC-compliant resolver.
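
The two rule sets discussed in this thread, side by side, as an added example that is not part of the original mails. It assumes an iptables gateway; `DNS_SERVER` (a placeholder address), `CHAIN`, `APPLY` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed values:
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # placeholder address (TEST-NET-1)
CHAIN="${CHAIN:-FORWARD}"                # gateway forwards to the name server

# Print each rule; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Too strict: assumes every resolver sends from an unprivileged port.
# Server-to-server queries from port 53 and clients using ports
# below 1024 fall through to the logging/drop rule.
strict_rules() {
    run iptables -A "$CHAIN" -p udp --sport 1024:65535 \
        -d "$DNS_SERVER" --dport 53 -j ACCEPT
    run iptables -A "$CHAIN" -p udp -s "$DNS_SERVER" --sport 53 \
        --dport 1024:65535 -j ACCEPT
}

# As recommended in the reply: match requests on the destination
# port only, and let replies from port 53 go back to any port.
relaxed_rules() {
    run iptables -A "$CHAIN" -p udp -d "$DNS_SERVER" --dport 53 -j ACCEPT
    run iptables -A "$CHAIN" -p udp -s "$DNS_SERVER" --sport 53 -j ACCEPT
}

# Dry run by default: show the relaxed rule set.
relaxed_rules
```

Run it as is to review the generated rules; set `APPLY=1` as root to load them.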
