Great Circle Associates Firewalls
(August 1995)

Subject: Re: DNS port 53
From: "Daniel O'Callaghan" <danny @ miricle . its . unimelb . edu . au>
Date: Fri, 25 Aug 1995 14:45:01 +1000 (EST)
To: "Frank K. Senter" <fsenter @ mail . more . net>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . 3 . 89 . 9508241136 . A28354-0100000 @ services>


On Thu, 24 Aug 1995, Frank K. Senter wrote:

> While rewriting my packet filter rules for more strictness, I discovered 
> that my internal DNS server sends requests to the firewall DNS with both 
> source and destination ports set to UDP 53.  Isn't that a little unusual?
> If I allow packets with destination=UDP 53, can I get into trouble?

The most common scenario is below:


[client] {>1024} ----------> 53 [server] 53 -----> 53 [other server]

i.e. clients use a high source port, but server-to-server requests
use 53 as both src and dst.

This means that if you allow pkts with dst=53, then your server can send
queries and receive responses.

Danny
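An added illustration, not part of the original thread: a small Python simulation of the two rule shapes under discussion, a filter that permits only packets with destination port UDP 53 beside one that also passes server replies back to ephemeral client ports. The packets and flow names are constructed to match the diagram in the message.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One UDP datagram as a packet filter sees it (constructed sample)."""
    src_port: int
    dst_port: int
    inbound: bool   # True: arriving at our DNS server, False: leaving it


def dst53_only(p: Packet) -> bool:
    """Rule from the question: permit only packets whose dst port is 53."""
    return p.dst_port == 53


def dst53_or_reply_to_high_port(p: Packet) -> bool:
    """Same rule, plus outbound replies from port 53 to an ephemeral (>1024)
    client port, so stub resolvers also get their answers back."""
    return p.dst_port == 53 or (
        not p.inbound and p.src_port == 53 and p.dst_port > 1024
    )


# Constructed flows matching the diagram in the message:
#   [client] {>1024} ---> 53 [server] 53 ---> 53 [other server]
FLOWS = {
    "client query":         Packet(4321, 53, inbound=True),
    "client reply":         Packet(53, 4321, inbound=False),
    "server->server query": Packet(53, 53, inbound=False),
    "server->server reply": Packet(53, 53, inbound=True),
}


def evaluate(rule) -> dict:
    """Map each flow name to whether the given rule would pass it."""
    return {name: rule(pkt) for name, pkt in FLOWS.items()}


if __name__ == "__main__":
    for rule in (dst53_only, dst53_or_reply_to_high_port):
        print(rule.__name__)
        for name, ok in evaluate(rule).items():
            print(f"  {name:22s} {'pass' if ok else 'DROP'}")
```

With dst=53 only, both halves of the server-to-server exchange pass (as the message says), but the reply to a stub client on a high port is dropped; the second rule closes that gap without opening any inbound high-port traffic.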

