[Dshield] UDP packets dropped from DNS server

John Groseclose iain at caradoc.org
Sat Oct 27 20:14:51 GMT 2001


At 12:54 PM -0400 10/27/01, Jeffrey Pike wrote:
>>  Port 53 is the DNS server.
>>
>>  In most parts of the world, it's considered moderately rude to ask a
>>  question, then ignore the answer - which is what you're doing to that
>>  poor DNS server. You're sending queries, then blocking the answers.
>
>Thank you, John. To prevent the poor server's developing an
>inferiority complex, shall I just open port 9318 on my firewall?
>Or will I then compromise security? And, assuming that you are
>a busy person, where shall I look to educate myself as to the
>best solution so as to discontinue nagging you for answers?

What're you using for your firewall? As Gary suggested, your firewall 
may be timing out before the DNS server is responding.
-- 
John Groseclose
iain at caradoc.org



