[Dshield] UDP blocking
nlindq at maei.ca
Fri Mar 15 18:11:12 GMT 2002
On 14 Mar 2002 at 15:40, Kelly Martin wrote:
> DNS is UDP port 53. Note also that queries go out (by default) on random
> UDP ports, and the replies come back to the same port the query originated
> from. If you are not using a stateful firewall, you will have to either
> open all of UDP or lock your DNS client down to use a specified query port.
You shouldn't have to open up *all* UDP traffic. Allowing UDP
traffic from port 53 to unprivileged ports (>=1024) should be
> If you have a trusted resolver you can use, you can open UDP only to that
> trusted resolver.
As long as that trusted resolver will never refer your request to a
Nels Lindquist <*>
Quidquid latine dictum sit altum viditur.
Whatever is said in Latin, sounds profound.
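As an added illustration (not code from either poster), the three firewall approaches in the thread modelled as packet-filter decisions: the stateless "source port 53 to unprivileged ports" rule, the same rule limited to a trusted resolver, a client locked to one query port, and a stateful filter that only admits replies to queries it saw leave. The addresses, the 5353 query port and the function names are assumptions for the example.

```python
from collections import namedtuple

# A UDP datagram as the filter sees it (addresses below are constructed
# TEST-NET samples, not hosts from the thread).
Datagram = namedtuple("Datagram", "src_ip src_port dst_ip dst_port")
TRUSTED_RESOLVER = "192.0.2.53"
INSIDE_HOST = "192.0.2.10"
FIXED_QUERY_PORT = 5353  # assumed value for a client locked to one query port

def allow_from_53_to_high(pkt):
    """Stateless rule from the reply: UDP from source port 53 to any
    unprivileged port (>= 1024). The source address is not checked."""
    return pkt.src_port == 53 and pkt.dst_port >= 1024

def allow_from_trusted_resolver(pkt):
    """Same rule, restricted to the trusted resolver's address."""
    return allow_from_53_to_high(pkt) and pkt.src_ip == TRUSTED_RESOLVER

def allow_to_fixed_query_port(pkt):
    """Stateless rule for a client locked to one query port: only that
    port is open, but it is still reachable from any host with sport 53."""
    return pkt.src_port == 53 and pkt.dst_port == FIXED_QUERY_PORT

class StatefulFilter:
    """Admits inbound UDP only when it answers a query seen going out."""
    def __init__(self):
        self.pending = set()
    def outbound(self, pkt):
        # Remember the query; a reply must reverse its 4-tuple exactly.
        self.pending.add((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
    def inbound_allow(self, pkt):
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.pending

def demo():
    """One legitimate query/reply pair and one unsolicited datagram that also
    carries source port 53, run through each approach: (reply, unsolicited)."""
    query = Datagram(INSIDE_HOST, 33000, TRUSTED_RESOLVER, 53)
    reply = Datagram(TRUSTED_RESOLVER, 53, INSIDE_HOST, 33000)
    fixed_reply = Datagram(TRUSTED_RESOLVER, 53, INSIDE_HOST, FIXED_QUERY_PORT)
    unsolicited = Datagram("198.51.100.7", 53, INSIDE_HOST, 40000)
    fw = StatefulFilter()
    fw.outbound(query)
    return {
        "from_53_to_high": (allow_from_53_to_high(reply), allow_from_53_to_high(unsolicited)),
        "trusted_only": (allow_from_trusted_resolver(reply), allow_from_trusted_resolver(unsolicited)),
        "fixed_port": (allow_to_fixed_query_port(fixed_reply), allow_to_fixed_query_port(unsolicited)),
        "stateful": (fw.inbound_allow(reply), fw.inbound_allow(unsolicited)),
    }
```

Only the stateful filter ties an inbound datagram to a query that actually went out; the address-restricted rules are still stateless, so they admit anything that matches the tuple regardless of whether a query preceded it.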