On Tuesday 05 February 2002 14:17, you wrote:
I have a problem with the UDP ports for DNS (53); this is my network:
INTERNET <--> Gateway <--> Public_Server (DNS-Server)
The gateway is a packet filter (running iptables). My name servers are behind the gateway and they are configured as primary DNS. The zone transfer is OK (requests via TCP on port 53 are allowed), but my problem is the needed UDP ports. At the moment the following ports are open:
Request: client above 1023 -> server (named) port 53 UDP
Response: server port 53 -> client port request was sent from UDP
Name server to name server: 53 -> 53 and 53 <- 53 UDP
Everything in my gateway is logged (if a rule doesn't match) and I have many requests from clients using a UDP port smaller than 1024 for connections to port 53! Sometimes reserved ports are used:
Request: client port 137 -> server (named) port 53 UDP
Is this OK? Which ports do I really need, and where can I find a short description? I tried to read and understand the RFCs, but ...
Why are you worried about what ports the clients are using when querying port 53? I can understand that if you're filtering traffic from external DNS servers you might permit traffic from port 53 to 53 and 1024, but surely it's nonsense to assume the clients of your public DNS server follow the UNIX privileged ports convention.
Rob
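To make the point of the exchange concrete, here is an added simulation (not code from either poster) of the two filter policies: the "strict" policy models the original rule set, which only accepts queries whose client source port is above 1023, and the "relaxed" policy models the reply's advice, which accepts queries to UDP/53 from any source port and lets connection tracking admit the replies. The server address, the iptables LOG line format, and every log line below are constructed sample values, and the iptables commands are listed as strings rather than applied.

```python
"""Compare a source-port-restricted DNS filter policy with a state-tracked one.

Added illustration for the thread above; the addresses, interface names and log
lines are constructed, and the DNS server address is an assumption (RFC 5737
documentation range)."""

import re
from dataclasses import dataclass
from typing import List, Optional

DNS_SERVER = "192.0.2.10"   # assumed address of the public name server


@dataclass(frozen=True)
class Packet:
    proto: str          # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    state: str = "NEW"  # conntrack state as iptables would see it: NEW or ESTABLISHED


def strict_policy(p: Packet) -> str:
    """Models the poster's rule set: queries must come from unprivileged ports (> 1023)."""
    if p.proto == "udp" and p.dst == DNS_SERVER and p.dport == 53 and p.sport > 1023:
        return "ACCEPT"
    if p.proto == "udp" and p.src == DNS_SERVER and p.sport == 53 and p.dport > 1023:
        return "ACCEPT"
    if p.proto == "udp" and p.sport == 53 and p.dport == 53:
        return "ACCEPT"  # name server to name server, either direction
    return "LOG+DROP"


def relaxed_policy(p: Packet) -> str:
    """Models the reply's advice: any client source port may query UDP/53;
    replies are matched by connection state, not by port ranges."""
    if p.state == "ESTABLISHED":
        return "ACCEPT"
    if p.proto == "udp" and p.dst == DNS_SERVER and p.dport == 53:
        return "ACCEPT"
    return "LOG+DROP"


# iptables equivalent of the relaxed policy (listed for reference, not executed here)
RELAXED_RULES = [
    "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    f"iptables -A FORWARD -p udp -d {DNS_SERVER} --dport 53 -j ACCEPT",
    f"iptables -A FORWARD -p tcp -d {DNS_SERVER} --dport 53 -j ACCEPT",
    "iptables -A FORWARD -j LOG --log-prefix 'FORWARD-DROP: '",
    "iptables -A FORWARD -j DROP",
]

# Constructed gateway log lines in the shape the iptables LOG target produces.
SAMPLE_LOG = """\
Feb  5 14:02:11 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=53 LEN=45
Feb  5 14:02:12 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=1023 DPT=53 LEN=52
Feb  5 14:02:13 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.20 DST=192.0.2.10 PROTO=UDP SPT=3345 DPT=8080 LEN=60
Feb  5 14:02:14 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=137 DPT=139 LEN=60
"""

LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=(\d+) DPT=(\d+)")


def parse_log_line(line: str) -> Optional[Packet]:
    """Turn one iptables LOG line into a Packet; None if the fields are absent."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    src, dst, proto, sport, dport = m.groups()
    return Packet(proto.lower(), src, int(sport), dst, int(dport))


def rejected_by_strict_only(log_text: str) -> List[Packet]:
    """Logged drops that the strict policy rejected but the relaxed policy accepts,
    i.e. legitimate-looking DNS queries lost to the source-port assumption."""
    result = []
    for line in log_text.splitlines():
        p = parse_log_line(line)
        if p is not None and strict_policy(p) == "LOG+DROP" and relaxed_policy(p) == "ACCEPT":
            result.append(p)
    return result


if __name__ == "__main__":
    for p in rejected_by_strict_only(SAMPLE_LOG):
        print(f"dropped only by strict policy: {p.src}:{p.sport} -> {p.dst}:{p.dport}/{p.proto}")
    print("\n".join(RELAXED_RULES))
```

Run over the constructed log, the two queries from source ports 137 and 1023 are the ones the strict policy discards while the relaxed policy admits them; the packets to 8080/UDP and 139/TCP are dropped by both, which is the behaviour wanted from a public-server filter. The design choice is that the trust decision rests on the destination (the server and port 53) plus connection state, not on a property of the client the server does not control.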