Re: Firewall question

From: Chris (never@work)
Date: 03/15/03
"Jesper Skriver" <harvest@wheel.dk> wrote in message
news:slrnb76ehs.16vh.harvest@freesbee.wheel.dk...
> On Sat, 15 Mar 2003 14:26:57 -0000, Chris wrote:
>
> > I agree. TCP 53 is only used for zone transfers between DNS servers,
> > not DNS lookups.
>
> Not correct, lookups will fall back to TCP if the reply cannot fit a
> single UDP packet.
>
> > Besides, the mail server in question will only need to query MX
> > records when sending out mail if not using a smart host. UDP 53 is all
> > it needs.
>
> See above.
>
> --
> Jesper Skriver, CCIE #5456
> FreeBSD committer

When building Firewall-1 firewalls for customers we only ever let UDP 53 out
for hosts that need to resolve DNS and we've never had to let TCP 53 out as
well. In this application I think that UDP 53 will do the job.

Chris.
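The TCP fallback Jesper describes is easy to see in the wire format, and it is the reason a firewall policy that only permits UDP 53 can silently break a resolver on large answers. The following is an added example written for this thread, not code from either poster: it builds a constructed MX query, simulates a server that sets the TC (truncated) bit when the reply would exceed the classic 512-byte UDP payload limit of RFC 1035, and shows the client retrying the same query over TCP with the 2-byte length prefix that DNS-over-TCP requires. Names, counts and the in-memory "server" are all constructed for illustration; no network traffic is sent.

```python
import struct

# DNS message header (RFC 1035 section 4.1.1): id, flags, qdcount, ancount, nscount, arcount
DNS_HEADER = struct.Struct("!HHHHHH")
FLAG_QR = 0x8000          # response
FLAG_TC = 0x0200          # truncated: client should retry over TCP
QTYPE_MX = 15
UDP_PAYLOAD_LIMIT = 512   # classic DNS-over-UDP limit without EDNS0


def encode_name(name):
    """Encode a dotted name as DNS labels terminated by a zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=QTYPE_MX):
    """Standard query with RD set, one question, class IN."""
    header = DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def mx_rr(preference, exchange, ttl=3600):
    """One MX answer RR; the owner name is a compression pointer to the question name."""
    rdata = struct.pack("!H", preference) + encode_name(exchange)
    return struct.pack("!HHHIH", 0xC00C, QTYPE_MX, 1, ttl, len(rdata)) + rdata


def build_response(query, answers, max_size=UDP_PAYLOAD_LIMIT):
    """Constructed server: answer the query; if the message would exceed
    max_size, return only the header and question with TC set (RFC 1035 4.2.1)."""
    txid, flags, qd, _, _, _ = DNS_HEADER.unpack_from(query)
    question = query[DNS_HEADER.size:]
    full = DNS_HEADER.pack(txid, flags | FLAG_QR, qd, len(answers), 0, 0) + question + b"".join(answers)
    if len(full) <= max_size:
        return full
    return DNS_HEADER.pack(txid, flags | FLAG_QR | FLAG_TC, qd, 0, 0, 0) + question


def is_truncated(response):
    _, flags, _, _, _, _ = DNS_HEADER.unpack_from(response)
    return bool(flags & FLAG_TC)


def answer_count(response):
    return DNS_HEADER.unpack_from(response)[3]


def tcp_frame(message):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message


def resolve(query, server_answers):
    """Client logic: query over UDP first; if the reply is truncated, repeat
    the identical query over TCP, where the 512-byte limit does not apply.
    Returns the list of transports used and the final response."""
    transports = ["udp"]
    response = build_response(query, server_answers)
    if is_truncated(response):
        transports.append("tcp")
        # A firewall that blocks TCP 53 outbound would stall the lookup here.
        response = build_response(query, server_answers, max_size=65535)
    return transports, response


if __name__ == "__main__":
    query = build_query(0x1234, "example.com")
    few = [mx_rr(10, "mx01.example.com")] * 3
    many = [mx_rr(i, "mx%02d.example.com" % i) for i in range(16)]
    print("3 MX records:", resolve(query, few)[0])      # ['udp']
    print("16 MX records:", resolve(query, many)[0])    # ['udp', 'tcp']
```

With three MX records the reply is 125 bytes and UDP suffices; with sixteen it reaches 541 bytes, the server sets TC, and the client must reopen the conversation over TCP, which a UDP-only rule would drop. Modern resolvers negotiate a larger UDP payload with EDNS0, so the threshold is higher today, but the TC fallback mechanism is unchanged and still matters for large answer sets such as DNSSEC-signed responses.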
