[dns-operations] DNS Issue

Fred Morris m3047 at m3047.net
Fri Apr 26 16:23:38 UTC 2013

Good timing...

On Fri, 26 Apr 2013, Cihan SUBASI (GARANTI TEKNOLOJI) wrote:
> Also can someone explain why tcp53 should be allowed on the firewalls if dns is behind a firewall?
> And why auditors do not like tcp53 open to public?

See, that's another of the arguments why DNS should *not* be behind "the
firewall": topology issues.

If your (recursive/caching) DNS server was outside the firewall, with
appropriate access controls, then port 53 through the firewall needs only
to be open with respect to the servers which you control.

That's not to say that you wouldn't/shouldn't have appropriate traffic
monitoring/etc. in place between the server and the rest of the

Agree/disagree, but there it is...


Fred Morris

More information about the dns-operations mailing list