[Dshield] Help: DNS (53)

David Hart DavidHart at TQMcube.com
Wed Dec 31 16:37:59 GMT 2003


We're using bind solely as a caching name server.

Correct me if I'm wrong but the only connects that I need to accept
would be UDP to 53 from root servers. Right?

I noticed quite a few of these (they resolve to MSFT):

Dec 31 11:30:31 mail2 kernel: Firewall: IN=eth1 OUT=
MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00 SRC=207.46.150.15
DST=192.168.0.31 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=31495 PROTO=UDP
SPT=51861 DPT=53 LEN=53

Am I doing something wrong (these packets were dropped)?

While I am at it, we accept all connections from port 53 as the source.
Is that appropriate?

Thanks.

                               ---------
            Quality Management - A Commitment to Excellence
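As an added example (not from the original post, the list, or the bind project), the Python below parses the kernel firewall log format quoted above and then shows why replies to a caching resolver are better matched by connection state than by trusting source port 53 on its own: a caching resolver sends queries to many authoritative servers, not only the root servers, so replies can arrive from any address, and anyone can send a packet with source port 53. The posted line is reused as-is; the outbound query, genuine reply and forged reply lines are constructed, and 203.0.113.10 / 198.51.100.7 are documentation addresses used as placeholders.

```python
import re

# The firewall log line quoted in the post, re-joined onto one line
# (mail wrapping split it across several lines).
POSTED_LINE = (
    "Dec 31 11:30:31 mail2 kernel: Firewall: IN=eth1 OUT= "
    "MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00 SRC=207.46.150.15 "
    "DST=192.168.0.31 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=31495 PROTO=UDP "
    "SPT=51861 DPT=53 LEN=53"
)

# Constructed lines (not from the post): the resolver's own outbound query to
# an authoritative server, the matching reply, and a forged "reply" from
# elsewhere that also carries source port 53. 203.0.113.10 and 198.51.100.7
# are documentation addresses used as placeholders.
OUTBOUND_QUERY = ("Dec 31 11:31:00 mail2 kernel: Firewall: IN= OUT=eth1 "
                  "SRC=192.168.0.31 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 "
                  "TTL=64 ID=1 DF PROTO=UDP SPT=32769 DPT=53 LEN=40")
GENUINE_REPLY = ("Dec 31 11:31:00 mail2 kernel: Firewall: IN=eth1 OUT= "
                 "SRC=203.0.113.10 DST=192.168.0.31 LEN=120 TOS=0x00 PREC=0x00 "
                 "TTL=50 ID=2 PROTO=UDP SPT=53 DPT=32769 LEN=100")
FORGED_REPLY = ("Dec 31 11:31:01 mail2 kernel: Firewall: IN=eth1 OUT= "
                "SRC=198.51.100.7 DST=192.168.0.31 LEN=120 TOS=0x00 PREC=0x00 "
                "TTL=50 ID=3 PROTO=UDP SPT=53 DPT=32769 LEN=100")

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict.
    Bare flags such as DF carry no '=' and are skipped. LEN appears twice
    (IP length, then UDP length); the second copy is stored as LEN2."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if key in fields:
            key += "2"
        fields[key] = value
    return fields


def classify_dns_packet(fields, resolver_ip, lan_prefixes):
    """Label an inbound packet relative to a caching-only resolver that
    should answer queries from the LAN and nobody else."""
    if fields.get("PROTO") not in ("UDP", "TCP"):
        return "not-dns"
    if fields.get("DST") != resolver_ip:
        return "not-for-resolver"
    src = fields.get("SRC", "")
    if fields.get("DPT") == "53":
        if any(src.startswith(p) for p in lan_prefixes):
            return "lan-query"        # a client on the LAN asking us to resolve
        return "external-query"       # someone outside treating us as an open resolver
    if fields.get("SPT") == "53":
        return "reply-candidate"      # only a real reply if we actually asked
    return "other"


class ReplyMatcher:
    """Minimal stand-in for connection tracking: remember the queries the
    resolver sent and accept an inbound SPT=53 packet only if it reverses
    one of them. Constructed for this example; a real firewall would use
    the kernel's conntrack table instead of this dictionary."""

    def __init__(self):
        self.outstanding = set()      # (peer address, our ephemeral port)

    def note_outbound(self, fields):
        # Record a query the resolver itself sent out to port 53.
        if fields.get("OUT") and fields.get("DPT") == "53":
            self.outstanding.add((fields["DST"], fields["SPT"]))

    def accept_inbound_reply(self, fields):
        # Source port 53 alone proves nothing; the packet must come from the
        # peer we queried and be addressed to the port we queried from.
        key = (fields.get("SRC"), fields.get("DPT"))
        if fields.get("IN") and fields.get("SPT") == "53" and key in self.outstanding:
            self.outstanding.discard(key)
            return True
        return False


if __name__ == "__main__":
    posted = parse_netfilter_line(POSTED_LINE)
    print(posted["SRC"], "->", posted["DST"],
          classify_dns_packet(posted, "192.168.0.31", ("192.168.0.",)))
    matcher = ReplyMatcher()
    matcher.note_outbound(parse_netfilter_line(OUTBOUND_QUERY))
    print("genuine reply accepted:",
          matcher.accept_inbound_reply(parse_netfilter_line(GENUINE_REPLY)))
    print("forged reply accepted:",
          matcher.accept_inbound_reply(parse_netfilter_line(FORGED_REPLY)))
```

Run against the posted line, the parser reports a UDP packet from an outside address to port 53 on the resolver, i.e. an external query rather than a reply to anything the server asked; the matcher accepts the constructed genuine reply and rejects the forged one even though both carry source port 53.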