DNS Behind the Firewall

By ask_anurag

Hi,

I am setting up my DNS server for the network. My network is also connected with out network. I also installed a firewall on my network for any wrong activity. I heard about DNS behind the firewall; what is it? How do I secure my DNS server?

Regards.

Anurag.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  

All Comments

DNS Behind the Firewall

by BudTheGrey In reply to DNS Behind the Firewall

If your DNS server is authoritative (i.e. it maintains the resource records for your domain), you'll need to open UDP port 53 inbound and outbound on your firewall to the DNS server. Depending on the type of firewall, you may be setting up a virtual server instead.

If your DNS server is caching only, it only needs to do UDP port 53 outbound.

DNS Behind the Firewall

by ask_anurag In reply to DNS Behind the Firewall

Poster rated this answer

DNS Behind the Firewall

by cavedweller In reply to DNS Behind the Firewall

Port 53/udp is used to answer requests from clients and to query your parent (usually your ISP's) server. If you allow an outside machine to establish (SYN) a connection to your dns server that machine can query your server and obtain the contents of your dns table.

Port 53/tcp is used for zone transfers (bulk update of the entire zone) between servers and may allow the contents of the dns zone to be modified. This can have serious consequences.

You should configure your dns server to only update to/from named servers and put those servers in the list, even if they are all within your site. If you don't need to transfer zones through the firewall you should block 53/tcp. If you do need to transfer zones through the firewall, only allow 53/tcp to/from specific servers.
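
An added example, not part of the original thread: a Python check that applies the 53/tcp advice above to an `iptables-save` style rule listing and reports ACCEPT rules that let any source other than a listed transfer peer reach the DNS server on 53/tcp. The firewall type, the addresses, the peer list and the sample rules are assumptions constructed for illustration, and only plain `-s`/`-d`/`-p`/`--dport` matches are handled.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; all addresses are documentation ranges.
DNS_SERVER = "192.0.2.53"            # assumed DNS server behind the firewall
TRANSFER_PEERS = {"198.51.100.10"}   # assumed secondary allowed to transfer zones
SAMPLE_RULES = """\
-A FORWARD -d 192.0.2.53/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 198.51.100.10/32 -d 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -d 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 192.0.2.53/32 -p tcp -m tcp --dport 25 -j ACCEPT
"""

def parse_rule(line):
    """Turn one iptables-save rule line into a dict of the fields we audit."""
    tokens = shlex.split(line)
    rule = {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "proto": "all", "dport": None, "target": None}
    flags = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            rule[flags[tok]] = tokens[i + 1]
    return rule

def open_zone_transfer_rules(rules_text, dns_server, peers):
    """Return ACCEPT rules that let a non-peer source reach dns_server on 53/tcp."""
    server = ipaddress.ip_address(dns_server)
    allowed = {ipaddress.ip_address(p) for p in peers}
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r["target"] != "ACCEPT" or r["proto"] not in ("tcp", "all"):
            continue
        if r["dport"] not in (None, "53"):   # None means every port, 53 included
            continue
        if server not in ipaddress.ip_network(r["dst"], strict=False):
            continue
        src = ipaddress.ip_network(r["src"], strict=False)
        # A rule is acceptable only if its source is a single listed peer.
        if not (src.num_addresses == 1 and src.network_address in allowed):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for finding in open_zone_transfer_rules(SAMPLE_RULES, DNS_SERVER, TRANSFER_PEERS):
        print("53/tcp open beyond transfer peers:", finding)
```

Resolvers also retry a query over 53/tcp when a UDP answer comes back truncated, so review each finding against that need before removing the rule.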

DNS Behind the Firewall

by ask_anurag In reply to DNS Behind the Firewall

Poster rated this answer

DNS Behind the Firewall

by ask_anurag In reply to DNS Behind the Firewall

This question was closed by the author
