Hi,

I'm using Bind as a cache (absolutely not authoritative) DNS for a public 
network. I have put a firewall in order to refuse incoming packets from people 
not on my network.

Today, inspecting the logs, I see this:

Aug 18 17:31:44 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=195.176.219.26 DST=MY.CACHE.DNS LEN=69 TOS=00 PREC=0x00 TTL=120 ID=50785 CE PROTO=UDP SPT=56592 DPT=53 LEN=49
Aug 18 17:31:48 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=195.176.219.26 DST=MY.CACHE.DNS LEN=59 TOS=00 PREC=0x00 TTL=120 ID=23374 PROTO=UDP SPT=57527 DPT=53 LEN=39
Aug 18 17:31:51 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=207.38.104.93 DST=MY.CACHE.DNS LEN=47 TOS=00 PREC=0x00 TTL=48 ID=48457 CE PROTO=UDP SPT=32779 DPT=53 LEN=27
Aug 18 17:31:56 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=195.176.219.26 DST=MY.CACHE.DNS LEN=72 TOS=00 PREC=0x00 TTL=120 ID=38433 CE PROTO=UDP SPT=53494 DPT=53 LEN=52
Aug 18 17:32:00 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=109.164.132.64 DST=MY.CACHE.DNS LEN=60 TOS=00 PREC=0x00 TTL=112 ID=24658 PROTO=UDP SPT=51908 DPT=53 LEN=40
Aug 18 17:32:04 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=195.176.219.26 DST=MY.CACHE.DNS LEN=69 TOS=00 PREC=0x00 TTL=120 ID=40178 CE PROTO=UDP SPT=48147 DPT=53 LEN=49
Aug 18 17:32:08 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=213.3.5.3 DST=MY.CACHE.DNS LEN=68 TOS=00 PREC=0x00 TTL=53 ID=15544 PROTO=UDP SPT=18967 DPT=53 LEN=48

This traffic came from other DNS servers in the world. As it's UDP, I think of 
UDP queries going from my cache server to other DNS servers, and I catch their 
UDP responses in the firewall. Is it possible?

So should I open my firewall for UDP on port 53 to the whole world?

Regards,

David
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
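The port pair in an iptables LOG line is what tells a reply to the cache's own query apart from a query somebody else is sending to the cache: a reply comes from SPT=53 back to the ephemeral port the resolver used, while an inbound query arrives from an ephemeral SPT at DPT=53. The parser below is an added example, not code from the post or from BIND; SAMPLE_LOG is constructed from the format quoted above, and its third line is made up (documentation address 198.51.100.7) to show what a genuine reply looks like.

```python
import re
from collections import Counter

# Constructed sample modelled on the iptables LOG lines quoted in the post.
# The first two follow the poster's format; the third is a made-up line showing
# a reply to a query the cache itself sent (source port 53, ephemeral DPT).
SAMPLE_LOG = """\
Aug 18 17:31:44 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=195.176.219.26 DST=MY.CACHE.DNS LEN=69 TOS=00 PREC=0x00 TTL=120 ID=50785 CE PROTO=UDP SPT=56592 DPT=53 LEN=49
Aug 18 17:31:51 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=207.38.104.93 DST=MY.CACHE.DNS LEN=47 TOS=00 PREC=0x00 TTL=48 ID=48457 CE PROTO=UDP SPT=32779 DPT=53 LEN=27
Aug 18 17:32:08 cns1 [IPT DROP] :  IN=eth0 OUT= MAC=00  SRC=198.51.100.7 DST=MY.CACHE.DNS LEN=68 TOS=00 PREC=0x00 TTL=53 ID=15544 PROTO=UDP SPT=53 DPT=40211 LEN=48
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_ipt_line(line):
    """Turn one iptables LOG line into a dict of KEY=VALUE fields (first LEN= wins)."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)   # IP and UDP headers both emit LEN=
    return fields

def classify(fields):
    """Say what a dropped UDP packet is, judged only by its port pair."""
    if fields.get("PROTO") != "UDP":
        return "non-udp"
    spt, dpt = int(fields.get("SPT", 0)), int(fields.get("DPT", 0))
    if dpt == 53 and spt != 53:
        # Ephemeral source port towards our port 53: someone is querying *us*.
        return "inbound-query"
    if spt == 53 and dpt != 53:
        # Port 53 back to an ephemeral port: a reply to a query our resolver sent.
        return "reply-to-our-query"
    if spt == 53 and dpt == 53:
        # Only seen when one side sends from port 53 (e.g. query-source port 53);
        # the ports alone cannot tell query from reply here.
        return "ambiguous-53-to-53"
    return "other-udp"

def summarize(log_text):
    """Count each class over a whole log excerpt; returns a Counter."""
    counts = Counter()
    for line in log_text.splitlines():
        if "PROTO=" in line:
            counts[classify(parse_ipt_line(line))] += 1
    return counts

if __name__ == "__main__":
    for cls, n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {cls}")
```

Replies to the cache's own queries are admitted by a stateful rule (`-m conntrack --ctstate ESTABLISHED,RELATED`) without opening UDP/53 to the world, so an excerpt dominated by "inbound-query" is not a sign that such a rule is missing.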