DNS queries are on UDP port 53. TCP port 53 is used for zone transfers. By blocking TCP port 53 I can't do zone transfers, but clients can still do lookups on UDP 53. Since I have blocked TCP port 53, I have seen a decrease in attack attempts on my name servers, primarily because that port isn't open. I do still see scans for the DNS ports, but nothing more than a port scan.

My question is... Can anyone come up with any pros/cons of doing this? My name servers are successfully serving my domains, so I don't see a downside. Thoughts?

Jason Lewis
http://www.rivalpath.com
"All you can do is manage the risks. There is no security."
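An added example, not part of the original post: a minimal DNS client that queries over UDP/53 and, when the server answers with the TC (truncated) flag because the reply did not fit in a plain UDP message, retries the same query over TCP/53. This is the other use of TCP/53 besides zone transfers, and it is the case to test before filtering the port. The server address is supplied by the caller; the two sample replies are constructed headers.

```python
import socket
import struct
DNS_HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount

def build_query(qname, qtype=1, ident=0x1234):
    """Minimal recursion-desired query; QTYPE 1 = A, QCLASS 1 = IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return DNS_HEADER.pack(ident, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte header (RFC 1035 s4.1.1); raises on short input."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("DNS message shorter than its header")
    ident, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(msg)
    return {"id": ident, "qr": (flags >> 15) & 1, "tc": (flags >> 9) & 1,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def needs_tcp_retry(msg):
    """True when a UDP reply carries TC=1: the answer did not fit, so the client must retry over TCP/53."""
    h = parse_header(msg)
    return h["qr"] == 1 and h["tc"] == 1

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP/53 connection closed early (port filtered?)")
        buf += chunk
    return buf

def resolve(qname, server, timeout=2.0):
    """UDP first, TCP fallback on truncation. Returns (transport_used, raw_reply)."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if not needs_tcp_retry(reply):
        return "udp", reply
    # Over TCP each DNS message is prefixed with a 2-byte length (RFC 1035 s4.2.2).
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", _recv_exact(tcp, 2))[0]
        return "tcp", _recv_exact(tcp, length)

# Constructed sample replies (header only): flags 0x8380 = QR,TC,RD,RA; 0x8180 = QR,RD,RA.
TRUNCATED_REPLY = DNS_HEADER.pack(0x1234, 0x8380, 1, 0, 0, 0)
COMPLETE_REPLY = DNS_HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0)
```

Running `resolve("example.com", "<your resolver>")` against a name server whose answers exceed 512 bytes will return "tcp"; if TCP/53 is filtered, that call raises instead of resolving.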
This archive was generated by hypermail 2b30 : Sat May 05 2001 - 13:01:07 PDT