On Thu, Apr 05, 2001 at 09:38:46PM +0100, Steve Ball wrote:
> If you run a web server then open port 80 tcp, if you have SMTP inbound
> email then open port 25 tcp, if you run your own DNS for your domain
> then open port 53 udp.
You're going to be upset the first time you hit a site that has enough information in the DNS response to break the UDP size limit. BIND will switch to TCP and you will drop the packets. Lots of A records in a round-robin type situation or lots of NS records in a response and BIND will switch to TCP to get the answer.

[Ever wonder why there are so few root servers? The NS answer has to stay within the UDP packet size limit for a single packet or some old, severely broken resolvers can't get the NS records for the root-servers.net zone!]

And if you're really running your own DNS, you may need TCP open for zone transfers to your secondary nameserver off-site. (You *do* have an off-site secondary, right? On a different network? ;-) )

-- 
Nate Duehr <[EMAIL PROTECTED]>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
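The point Nate makes above about large answers is easy to see by building a DNS response by hand. The following is an added example, not part of the thread or of BIND: it encodes a minimal A-record response for a round-robin name, counts how many 16-byte answers fit under the classic 512-byte UDP payload limit (RFC 1035 section 2.3.4), and sets the TC (truncated) bit when the full set does not fit, which is the signal that makes a resolver retry over TCP port 53. The hostname `www.example.com`, the `192.0.2.x` pool, the TTL and the transaction ID are constructed sample values; the compression pointer `0xC00C` is the standard pointer to the question name at offset 12.

```python
import struct
from typing import List, Tuple

# Classic DNS-over-UDP payload limit (RFC 1035 section 2.3.4). A response that
# does not fit is returned with the TC bit set and the client re-asks over
# TCP/53, so a firewall that opens only 53/udp silently breaks large answers.
UDP_PAYLOAD_LIMIT = 512
QR_FLAG = 0x8000   # response
TC_FLAG = 0x0200   # truncated
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as length-prefixed DNS labels plus root terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def a_record(ttl: int, ipv4: str) -> bytes:
    """One A resource record whose owner name is a compression pointer (0xC00C -> offset 12)."""
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata


def build_response(qname: str, addresses: List[str], txid: int = 0x1234,
                   limit: int = UDP_PAYLOAD_LIMIT) -> Tuple[bytes, bool, int]:
    """Build an A-record response for qname.

    Returns (message, truncated, answers_included). If the complete answer set
    exceeds `limit`, trailing records are dropped and TC is set so the client
    knows the UDP answer is incomplete and must retry over TCP.
    """
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    records = [a_record(300, ip) for ip in addresses]  # constructed TTL of 300s

    included = len(records)
    while included > 0 and 12 + len(question) + sum(len(r) for r in records[:included]) > limit:
        included -= 1
    truncated = included < len(records)

    flags = QR_FLAG | (TC_FLAG if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, included, 0, 0)
    return header + question + b"".join(records[:included]), truncated, included


def is_truncated(message: bytes) -> bool:
    """Client-side check: does this response carry TC, i.e. must we retry over TCP?"""
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & TC_FLAG)


def max_a_records_over_udp(qname: str, limit: int = UDP_PAYLOAD_LIMIT) -> int:
    """Largest number of A records for qname that still fits in one classic UDP reply."""
    n = 0
    while True:
        _, truncated, _ = build_response(qname, ["10.0.0.1"] * (n + 1), limit=limit)
        if truncated:
            return n
        n += 1


if __name__ == "__main__":
    # Constructed round-robin pool: 40 addresses behind one name.
    pool = [f"192.0.2.{i}" for i in range(1, 41)]
    msg, tc, n = build_response("www.example.com", pool)
    verdict = "client retries over 53/tcp" if tc else "UDP suffices"
    print(f"{len(msg)} bytes, TC={tc}, {n}/{len(pool)} answers -> {verdict}")
    print("max A records over UDP for www.example.com:",
          max_a_records_over_udp("www.example.com"))
```

For `www.example.com` the header and question take 33 bytes, so 29 compressed A records fit and the 30th pushes the reply to 513 bytes; a 40-address pool therefore comes back truncated and the resolver goes to TCP, where a 53/udp-only rule drops it. The same arithmetic applies to a large NS set, and a zone transfer (AXFR) to an off-site secondary runs over TCP from the start.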