[BlueOnyx:13900] Re: Blueonyx Digest, Vol 58, Issue 30
Steven Howes
steve-lists at geekinter.net
Wed Oct 23 07:43:21 -05 2013
On 23 Oct 2013, at 13:31, Richard Morgan <richard at morgan-web.co.uk> wrote:
> DNS uses port 53 - UDP, not TCP if I remember. If you have DNS enabled you
> will need port 53 open.
Depends on the size of the response. If it won't fit in a single UDP packet then the client should retry with TCP.
> There was a security issue a little while back regarding DNS and port 53,
> but BlueOnyx now has a rate limiter so the problem is dramatically reduced.
> This may be the root cause of much of the forum chatter about the matter.
Rate limiting is not a solution - it's mitigation. The only way to have a DNS server that isn't abusable is to turn off recursion. If you're just using it to host DNS records then you don't need recursion anyway - it's just needed if you're using it to look up records that are not on your server.
Steve
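The two points in Steve's reply, retrying over TCP when a UDP answer is truncated and checking whether a server will recurse for you, as an added example that is not part of the original post or of BlueOnyx: a minimal DNS wire-format client in Python 3 (standard library only). The sample responses are constructed inline so the checks run offline; `query()` does real network I/O and is only meant for a server you are authorised to test. Names, sample bytes and helper names here are my own.

```python
"""Minimal DNS wire-format helpers (added example, not BlueOnyx code).

Shows: (1) a response with the TC (truncated) bit set must be re-sent
over TCP; (2) an authoritative-only server should answer a recursive
query for a name it does not serve with RA clear and RCODE REFUSED,
while an open resolver sets RA and answers.
"""
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "TXT": 16, "AAAA": 28, "ANY": 255}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
         4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234, rd=True):
    flags = 0x0100 if rd else 0x0000          # RD bit asks the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN


def parse_header(resp):
    """Decode the 12-byte header; flag layout per RFC 1035 section 4.1.1."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),            # response, not query
        "tc": bool(flags & 0x0200),            # truncated: retry over TCP
        "rd": bool(flags & 0x0100),            # recursion desired (echoed)
        "ra": bool(flags & 0x0080),            # recursion available
        "rcode": RCODE.get(flags & 0x000F, str(flags & 0x000F)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(resp):
    return parse_header(resp)["tc"]


def offers_recursion(resp):
    """True when the server advertises recursion (RA) and actually answered
    instead of refusing: the open-resolver condition."""
    h = parse_header(resp)
    return h["ra"] and h["rcode"] == "NOERROR"


def query(server, name, qtype="A", timeout=3.0):
    """UDP first; if TC is set, repeat the same query over TCP (2-byte length prefix)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    if not needs_tcp_retry(resp):
        return resp, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        length = struct.unpack("!H", s.recv(2))[0]
        resp = b""
        while len(resp) < length:
            chunk = s.recv(length - len(resp))
            if not chunk:
                raise ConnectionError("short TCP read")
            resp += chunk
    return resp, "tcp"


def _sample_response(flags, ancount=0):
    # Constructed sample: header plus the echoed question, no records.
    return (struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
            + encode_name("example.com") + struct.pack("!HH", 1, 1))


SAMPLE_TRUNCATED = _sample_response(0x8380)      # QR|TC|RD|RA, NOERROR
SAMPLE_REFUSED = _sample_response(0x8105)        # QR|RD, RA clear, REFUSED
SAMPLE_OPEN = _sample_response(0x8180, ancount=1)  # QR|RD|RA, NOERROR

if __name__ == "__main__":
    print("truncated -> TCP retry:", needs_tcp_retry(SAMPLE_TRUNCATED))
    print("authoritative-only server offers recursion:", offers_recursion(SAMPLE_REFUSED))
    print("open resolver offers recursion:", offers_recursion(SAMPLE_OPEN))
```

Against a live server, `query(server, "www.example.net")` for a name the server is not authoritative for should come back with `ra` False and `rcode` "REFUSED" once recursion is off; on a BIND server that is `recursion no;` in the `options` block of `named.conf`. If `offers_recursion()` returns True for such a query, the server is still usable as a reflector regardless of any rate limit.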