Why would an MTA issue an ANY query instead of an MX query?

Tue Jun 12 15:47:27 UTC 2012

> People have been repeating the "DNS clients send from port 53" claim
> for almost as long as others talking about blocking port 25.  Is
> it valid for consumer ISP customers?  I bet not, but I don't know.

I have several gigabytes of pcap from *my* DNS clients indicating that
for the majority of clients this is *not* the case. Source port is
generally >= 1024 and seems pretty randomized (without having done any
deeper analysis of this). A small minority of clients are sending DNS
queries with a source port of 53.

What *could* make sense for my clients would be blocking inbound UDP
port 53 traffic to the clients caught doing ANY queries for ripe.net
or isc.org (blocking inbound UDP port 53 to the CPE WAN side that is),
and at the same time running a portal where those clients who needed it
could easily remove such a block.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
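The two checks described in the message above, the source-port distribution of client queries and identifying clients that issue ANY queries for ripe.net or isc.org, as an added example in Python that is not part of the original post. It assumes the client-to-resolver UDP datagrams have already been pulled out of the pcap as (client IP, source port, DNS payload) tuples (for instance with scapy or tshark); the sample records are constructed here, the resolver address and the iptables rule format are illustrative, and the operator's real ACL syntax will differ.

```python
"""Added example, not from the original post: tally DNS client source ports
and flag clients sending ANY (QTYPE 255) queries for ripe.net or isc.org."""
import struct
from collections import Counter, defaultdict

QTYPE_ANY = 255
WATCHED_NAMES = {"ripe.net", "isc.org"}


def build_query(qname, qtype, txid=0x1234):
    """Build a minimal DNS query payload (12-byte header + one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    question = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                        for lbl in qname.split("."))
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # root label, QTYPE, IN
    return header + question


def parse_query(payload):
    """Return (qname, qtype) for the first question of a DNS query payload.

    Raises ValueError on anything that is not a well-formed query. Only
    uncompressed names are accepted, which is all a question section holds.
    """
    if len(payload) < 12:
        raise ValueError("short DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:
        raise ValueError("not a query (QR bit set)")
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels).lower(), qtype


def analyse(records):
    """records: iterable of (client_ip, src_port, dns_payload).

    Returns (port_class, suspects): a Counter of queries by source-port class
    (port53 / ephemeral / low / unparseable) and a dict mapping client IP to
    the set of watched names it asked ANY for.
    """
    port_class = Counter()
    suspects = defaultdict(set)
    for ip, sport, payload in records:
        try:
            qname, qtype = parse_query(payload)
        except ValueError:
            port_class["unparseable"] += 1
            continue
        if sport == 53:
            port_class["port53"] += 1
        elif sport >= 1024:
            port_class["ephemeral"] += 1
        else:
            port_class["low"] += 1
        if qtype == QTYPE_ANY and qname in WATCHED_NAMES:
            suspects[ip].add(qname)
    return port_class, dict(suspects)


def block_rules(suspects):
    """Illustrative iptables rules dropping inbound UDP/53 toward each flagged
    client (the post's proposal); assumes a Linux forwarding box."""
    return [f"iptables -I FORWARD -p udp -d {ip} --dport 53 -j DROP"
            for ip in sorted(suspects)]


# Constructed sample: one amplifier-style client on ephemeral ports, one on
# source port 53, normal lookups, and a non-DNS datagram on port 53.
SAMPLE_RECORDS = [
    ("192.0.2.10", 51234, build_query("www.example.com", 1)),
    ("192.0.2.10", 49877, build_query("ripe.net", QTYPE_ANY)),
    ("192.0.2.10", 49878, build_query("isc.org", QTYPE_ANY)),
    ("192.0.2.20", 53, build_query("isc.org", QTYPE_ANY)),
    ("192.0.2.30", 53, build_query("mail.example.com", 15)),
    ("192.0.2.40", 60000, build_query("ripe.net", 1)),
    ("192.0.2.50", 1025, b"\x12\x34"),
]

if __name__ == "__main__":
    classes, bad = analyse(SAMPLE_RECORDS)
    print(dict(classes))
    for ip, names in sorted(bad.items()):
        print(ip, sorted(names))
    print("\n".join(block_rules(bad)))
```

An A query for ripe.net is deliberately not flagged: only ANY for the two names the post singles out counts, and a client that merely runs its resolver on source port 53 is reported in the port statistics but not blocked.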

