Date: Tue, 23 Apr 2002 02:23:41 +0200
From: Dan Lukes <dan@obluda.cz>
To: freebsd-security@freebsd.org
Subject: Re: DNS Question
Message-ID: <3CC4A98D.7090008@obluda.cz>
References: <5.1.0.14.2.20020422062026.05613ec0@mail.Go2France.com>

Len Conrad wrote:

> On egress, bind will query via udp/tcp on port > 1023.

... unless your named.conf says something other.

Because you must have open local port 53 for INcoming questions and for OUTgoing replies already, you may decide to select port 53 as source for your own OUTgoing questions (e.g. INcoming replies) also
	-> simple configuration of firewall; no need for (random) ports >1023
	-> no need for "keep-state" (possible subject of DoS) rules.

						Dan

--
Dan Lukes, SISAL, MFF UK
tel: +420 2 21914205, fax: +420 2 21914206
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz, dan@fio.cz
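
The setup described in the message above, as an added example that is not part of the original e-mail: a named.conf fragment that pins the UDP query source to port 53, with the matching stateless ipfw rules shown in a comment. The rule numbers are constructed, and the rules assume an ipfw version that supports the `me` keyword.

```conf
// named.conf fragment (BIND 8/9 syntax). Added example, not from the original message.
options {
        // Send outgoing UDP queries from local port 53 instead of a random
        // unprivileged port. The port setting applies to UDP only; TCP queries
        // (used for truncated answers) still leave from a port > 1023.
        //
        // Trade-off: with a fixed source port, a forged reply only has to match
        // the 16-bit query ID, so filtering gets simpler at the cost of
        // resistance to spoofed answers.
        query-source address * port 53;
};

/*
 * Matching stateless ipfw rules (rule numbers are constructed, no keep-state):
 *
 *   # UDP: incoming questions and incoming replies both arrive at local port 53
 *   ipfw add 1000 allow udp from any to me 53
 *   # UDP: outgoing replies and outgoing questions both leave from local port 53
 *   ipfw add 1010 allow udp from me 53 to any
 *
 *   # TCP service on port 53 (incoming queries and their replies)
 *   ipfw add 1020 allow tcp from any to me 53
 *   ipfw add 1030 allow tcp from me 53 to any established
 *
 *   # TCP queries sent by named itself: source port is not fixed by query-source,
 *   # so match on the remote port 53 and the "established" flag for the return path
 *   ipfw add 1040 allow tcp from me to any 53
 *   ipfw add 1050 allow tcp from any 53 to me established
 */
```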
