Which Port Do I use to route DNS?

warmpapi · Nov 15, 2000

We have a Server that is running DNS on the internal end of a PIX firewall and would like to open up a port to allow vendors on the external side of the port to communicate effectively with the server? Does this compromise any security? I bet you can tell I'm new at this. Thanks.

Rob

lardum · Nov 17, 2000

It's port 53, both ways... UDP and TCP too...

Regards

Lars

kirke · Jan 23, 2001

You may also require UDP/TCP ports 82 to provide XFERNETS (zone transfers) from one name server to another. For example, from a name server acting as secondary (slave) on the DMZ and a primary (master) name server operating at the ISP beyond the outside interface. If the primary name server was inside the network, say on the DMZ, a typical configuration with little or no filtering of OUTGOING traffic would allow XFERNETS of zone files to the off-site secondary name server without error, since the replication is only one way.

Caching name servers provide no XFERNETS functionality and so can be used in even heavily secured DMZ security policies.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Which Port Do I use to route DNS?

warmpapi

IS-IT--Management

lardum

IS-IT--Management

kirke

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor