
Incoming packet through Port 53 blocked

Hello
I'm reading the packetfilter.log file and I have seen entries like this:

2009:11:10-03:16:13 MYFIREWALLNAME ulogd[3247]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="DNS SERVER IP ADDRESS" dstip="WAN IP ADDRESS" proto="17" length="67" tos="0x00" prec="0x00" ttl="57" srcport="53" dstport="3107" 

I don't know exactly how a DNS server works; in my LAN we use the DNS server specified in the srcip value and all seems to work fine. In your opinion, should I enable packets directed to port 53 to be accepted at my WAN address?

Thank you
Eclipse79


This thread was automatically locked due to age.
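
For reading entries like the one quoted in the question, here is an added example (not part of the original thread and not Astaro/Sophos code) that parses packetfilter lines of that layout and counts dropped packets by which end of the packet is port 53. The sample lines, the host name `fw` and the addresses are constructed placeholders, and the port comparison is a heuristic assumption, not a DNS decoder.

```python
import re
from collections import Counter

# Constructed, abbreviated sample in the key="value" layout of the quoted entry.
# Host name and addresses are placeholders from documentation ranges.
SAMPLE_LOG = '''\
2009:11:10-03:16:13 fw ulogd[3247]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.0.2.53" dstip="203.0.113.10" proto="17" srcport="53" dstport="3107"
2009:11:10-03:16:14 fw ulogd[3247]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.0.2.53" dstip="203.0.113.10" proto="17" srcport="53" dstport="3108"
2009:11:10-03:17:02 fw ulogd[3247]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.10" proto="17" srcport="40000" dstport="53"
2009:11:10-03:17:05 fw ulogd[3247]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.10" proto="6" srcport="51000" dstport="445"
2009:11:10-03:17:09 fw sshd[100]: unrelated line that must be skipped
'''

HEADER = re.compile(r'^(\S+) (\S+) ulogd\[\d+\]: ')
PAIR = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "tcp", "17": "udp"}  # IANA protocol numbers

def parse_line(line):
    """Return the fields of one packetfilter entry, or None if it is not one."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = dict(PAIR.findall(line[m.end():]))
    if fields.get("sub") != "packetfilter":
        return None
    fields["time"], fields["host"] = m.group(1), m.group(2)
    return fields

def direction(fields):
    """Port-only heuristic: which end of the packet is port 53?"""
    if PROTO.get(fields.get("proto")) is None:
        return "other"
    if fields.get("dstport") == "53":
        return "to_port_53"      # addressed to a DNS service port
    if fields.get("srcport") == "53":
        return "from_port_53"    # sent by a DNS service port to a client port
    return "other"

def summarize(text):
    """Count dropped packets per (direction, protocol, source IP)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None or f.get("action") != "drop":
            continue
        key = (direction(f), PROTO.get(f.get("proto"), "?"), f.get("srcip", "?"))
        counts[key] += 1
    return counts
```

Calling `summarize()` on a real packetfilter.log shows at a glance whether the drops are packets addressed to port 53 on the WAN address or packets sent from a DNS server's port 53 to a high client port.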
  • You don't need to activate the Astaro DNS Proxy if you open port 53, and you don't need to open port 53 if you enable the proxy.

    Ian, are you thinking of DNS Best Practice?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    I am not sure about DNS best practice; my DNS attempts at work usually get jumped on by the whiz kids, though mine work and theirs cause me huge amounts of grief.

    I was offering some alternatives, but I forgot the simple one you offered.

    ian M