Date: Thu, 19 Mar 2015 11:31:41 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Matthew Seaman <matthew@freebsd.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: public network traffic to my ip address port 53
Message-ID: <550AEBDD.8010405@gmail.com>
In-Reply-To: <550AE6D5.3000109@freebsd.org>
References: <550AE2A7.3010903@gmail.com> <550AE6D5.3000109@freebsd.org>
Matthew Seaman wrote:
> On 03/19/15 14:52, Ernie Luzar wrote:
>
>> In my firewall log I see thousands of udp packets from ip addresses all
>> over the world trying to access my freebsd gateway server on port 53.
>> Right now I am blocking them and see no negative effects.
>> Is there any valid reason to allow these unsolicited inbound packets
>> access to my system on port 53?
>>
>
> This is DNS traffic. There's no need to allow people from outside to
> connect into your systems unless you're running an authoritative DNS
> server, but you should be aware that most of the DNS traffic you see
> will probably have originated from your own systems, and you are seeing
> the responses to queries your users have made. This will frequently
> involve servers not obviously related to the addresses you're looking
> up, as your systems try and find the right authoritative servers.
>
> Note that while DNS is (mostly) a UDP protocol, and UDP is stateless, so
> all you can see are packets going in various directions and no
> established connections, any stateful firewall such as pf or ipfw will
> allow you to permit outgoing queries only, by using stateful firewall rules.
>
> Cheers,
>
> Matthew
>

I am running ipfilter and it also has stateful UDP rules. That is how I know this inbound DNS traffic is unsolicited.
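As an added illustration of the stateful approach Matthew describes (this is example configuration, not rules posted by either participant), here is a pf.conf fragment for a FreeBSD gateway that is only a DNS client. The interface name em0 is an assumption; substitute the real external interface. The effect is that an outbound query creates a state entry, the matching reply is admitted because pf consults the state table before the rule list, and any inbound UDP packet to port 53 that matches no state is logged and dropped, which is exactly how such packets can be classified as unsolicited.

```pf
# Added example, not from the mailing-list thread. External interface is assumed.
ext_if = "em0"

# Weak setting, only justified when this host is an authoritative DNS server:
# it admits every inbound packet to port 53, solicited or not.
#   pass in on $ext_if inet proto udp from any to ($ext_if) port 53

# Stateful alternative for a resolver-only gateway.
# Outbound queries create a state entry keyed on src/dst address and port;
# the reply from the queried server matches that entry and is passed
# without ever reaching the block rule below.
pass out quick on $ext_if inet proto udp from ($ext_if) to any port 53 keep state

# Anything inbound to port 53 that reached the rule list has no state,
# so it was not a reply to one of our queries: log it and drop it.
block in log quick on $ext_if inet proto udp from any to ($ext_if) port 53
```

Load and check with `pfctl -nf /etc/pf.conf` before `pfctl -f /etc/pf.conf`; the logged drops appear on the pflog0 interface (`tcpdump -n -e -ttt -i pflog0 udp port 53`). UDP state entries expire on the udp.first, udp.single and udp.multiple timeouts, so a late reply to an old query can also show up as a blocked packet; that is normal and harmless.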