[Dshield] Help: DNS (53)
DavidHart at TQMcube.com
Wed Dec 31 16:37:59 GMT 2003
We're using bind solely as a caching name server.
Correct me if I'm wrong but the only connects that I need to accept
would be UDP to 53 from root servers. Right?

I noticed quite a few of these (they resolve to MSFT):

Dec 31 11:30:31 mail2 kernel: Firewall: IN=eth1 OUT=
DST=192.168.0.31 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=31495 PROTO=UDP
SPT=51861 DPT=53 LEN=53

Am I doing something wrong (these packets were dropped)?

While I am at it, we accept all connections from port 53 as the source.
Is that appropriate?
Quality Management - A Commitment to Excellence
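
Added example, not part of the original post: a small triage script for firewall log lines in the layout quoted above. It sorts each logged packet by its direction relative to port 53 and reports whether a rule that accepts on source port 53 alone would pass it. The function names are hypothetical, and the second and third sample lines are constructed, with addresses from documentation ranges.

```python
import re

# Constructed sample lines in the netfilter LOG layout quoted in the post.
# Line 1 mirrors the post's entry (no SRC= field, empty OUT=); lines 2 and 3
# are made up, with addresses from documentation ranges.
SAMPLE = """\
Dec 31 11:30:31 mail2 kernel: Firewall: IN=eth1 OUT= DST=192.168.0.31 LEN=73 TOS=0x00 PREC=0x00 TTL=52 ID=31495 PROTO=UDP SPT=51861 DPT=53 LEN=53
Dec 31 11:30:40 mail2 kernel: Firewall: IN=eth1 OUT= SRC=198.51.100.7 DST=192.168.0.31 LEN=120 TTL=50 ID=7 DF PROTO=UDP SPT=53 DPT=32770 LEN=100
Dec 31 11:31:02 mail2 kernel: Firewall: IN=eth1 OUT= SRC=203.0.113.9 DST=192.168.0.31 LEN=60 TTL=48 ID=9 DF PROTO=TCP SPT=53 DPT=25 WINDOW=5840 SYN
"""

TOKEN = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; the value may be empty (OUT=)

def parse(line):
    """Return the KEY=value fields of one LOG line. The first occurrence of a
    key wins, so LEN is the IP length rather than the later UDP length."""
    fields = {}
    for key, value in TOKEN.findall(line):
        fields.setdefault(key, value)
    return fields

def classify(f):
    """Direction of a logged packet relative to the DNS port."""
    if f.get("PROTO") not in ("UDP", "TCP") or "SPT" not in f or "DPT" not in f:
        return "not-dns"
    spt, dpt = int(f["SPT"]), int(f["DPT"])
    if dpt == 53 and spt != 53:
        return "inbound-query"   # a client asking this host to resolve a name
    if spt == 53 and dpt >= 1024:
        return "reply-shaped"    # looks like an answer to a query we sent
    if spt == 53 and dpt == 53:
        return "port53-both"     # e.g. a resolver set to query from port 53
    if spt == 53:
        return "src53-other"     # source port 53, but aimed at another service
    return "not-dns"

def sport53_rule_accepts(f):
    """Model of the rule described in the post: accept when source port is 53."""
    return f.get("SPT") == "53"

def report(text=SAMPLE):
    """One (class, passes source-port rule, source address) row per line."""
    return [(classify(f), sport53_rule_accepts(f), f.get("SRC", "(not logged)"))
            for f in map(parse, text.splitlines())]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The entry from the post classifies as an inbound query, since its destination port is 53 and its source port is an ephemeral one. The third, constructed line is the case a source-port-only rule cannot tell apart from a DNS reply.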