Locally, we run a caching name server, so outbound UDP (DNS generated) traffic is allowed, as well as the related (state is related, using iptables) inbound traffic. However, inbound UDP port 53 traffic, unless it's related to one of the queries generated locally, is dropped.

What's interesting to me, and I would like to get some input on, is that of all the traffic that gets blocked (looking at all ports), port 53 gets blocked the most. For example, we'll have 150-200 UDP port 53 packets dropped each day; the next closest port is 10-20.

Is this a typical experience for a caching name server setup? Is there any (good) reason I should open up inbound port 53?

--------------------------------------------------------
Mike McCandless
michael@prismbiz.com
Red Hat Linux Certified Technician
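
One way to see what the dropped port-53 packets actually are, added here as an example that is not part of the original post: split them by direction using the SPT/DPT fields of iptables LOG lines. It assumes a LOG rule sits in front of the DROP rule; the `DROP-IN: ` prefix, host name and addresses are constructed sample values.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel log format written by the iptables
# LOG target. "DROP-IN: " is a hypothetical --log-prefix, not from the post.
SAMPLE_LOG = """\
Jan 10 03:12:01 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=120 TTL=52 PROTO=UDP SPT=53 DPT=32771 LEN=100
Jan 10 03:12:09 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=120 TTL=52 PROTO=UDP SPT=53 DPT=32790 LEN=100
Jan 10 04:40:13 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 LEN=61 TTL=110 PROTO=UDP SPT=1047 DPT=53 LEN=41
Jan 10 05:02:44 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.21 DST=192.0.2.10 LEN=58 TTL=49 PROTO=UDP SPT=53 DPT=53 LEN=38
Jan 10 06:30:00 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=4001 DPT=23 WINDOW=512 SYN
Jan 10 07:15:31 ns1 kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=78 TTL=115 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")


def classify(line):
    """Label one logged drop, or return None if it is not UDP port-53 traffic."""
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "UDP":
        return None
    if f.get("DPT") == "53":
        # Addressed to our resolver port: an outside host sending us a query
        # (server-to-server traffic with SPT=53 and DPT=53 lands here too).
        return "query-to-us"
    if f.get("SPT") == "53":
        # Reply-shaped packet from a remote name server that matched no
        # tracked query, e.g. it arrived after the conntrack entry expired.
        return "stray-reply"
    return None


def summarize(log_text):
    """Return (drops per label, drops per (label, source address))."""
    by_label, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            src = dict(FIELD.findall(line))["SRC"]
            by_label[label] += 1
            by_source[(label, src)] += 1
    return by_label, by_source


if __name__ == "__main__":
    labels, sources = summarize(SAMPLE_LOG)
    for (label, src), n in sources.most_common():
        print(f"{n:4d}  {label:12s} {src}")
```

A total dominated by `stray-reply` points at answers to the server's own lookups arriving without a matching state entry, while `query-to-us` counts are outside hosts trying to use the machine as a name server, which is the traffic the question about opening port 53 concerns.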