NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] DNS TCP



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Generally 53/TCP is used for dns zone transfers and 53/UDP is used for normal dns queries.

Michael S. Hobbs  A+, MCP
Unicon, Inc.
OfficeMobileFax- -----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Don
Sent: Thursday, May 09, 2002 9:47 AM
To: [email protected]
Subject: Re: [FW-1] DNS TCP


> Could someone give me a security explanation on the good, bad, need or not
> need to open up TCP port 53 to the outside world.  Is there a need for TCP
> 53, if it should be open to whom (local ISP???), is there EVER a need for
> it, if so when and why?
Please see the message archives from a week or so ago.

TCP 53 should be allowed into your name server. It is part of the RFC for
DNS.

Please see RFC 1035.

How often does TCP 53 get used for normal DNS queries? Not often but it
would be a good idea to allow it rather than brak things in unexpected
ways.

Also, considering the insecurity of most DNS implementations just allowing
UDP queries through is a bad idea. It probably makes the most sense to put
your DNS server in front of the firewall so when it gets compromised, you
do not have to worry about your other systems :)

- -Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPNquaylHPLksEJRBEQJFKQCfawfL5XzK5RV3Dd4iTpsE7m11GJ4AoM6h
Xe+g9RFV4sxrAWFfnzEklFbW
=O3bJ
-----END PGP SIGNATURE-----

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.