Hi folks,
Just wondering, in IPv4 TCP_IN, TCP_OUT, UDP_IN, UDP_OUT; If I'm not managing my own DNS Server (I disabled BIND), can I remove Port 53 from those 4 fields?
I understand that my VPS will need to resolve hostnames to IPs however no one has thoroughly been able to advise whether Port 53 can be removed from any of those fields and why, or if it shouldn't be and why.
Can anyone tell me which fields I can remove Port 53 from and why? Or why I can't? (preferably detailed, so I know it's because of a particular system service and how it interacts with that port)
DNS Port Blocking
Moderator (Posts: 1524, Joined: 01 Oct 2008, 09:24)
Re: DNS Port Blocking
You can remove port 53 from TCP_IN and UDP_IN. You need to leave it in TCP_OUT and UDP_OUT as both protocols are used for name resolution by the server itself.
Junior Member (Posts: 7, Joined: 06 Sep 2016, 08:38)
Re: DNS Port Blocking
That's a great reply - Thank you.
Can I ask you to explain as best you can to me the lifecycle of that name resolution?
For example, something on the server needs to resolve a name to an IP, so it makes a UDP request OUT on port 53? And it receives a response on the same port, even if UDP_IN hasn't got 53 in the list? I thought UDP was stateless and it wouldn't get a response?
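As an added check, not from this thread or from CSF itself, the POSIX shell script below reads the four fields from a constructed csf.conf fragment and reports where port 53 appears, applying the moderator's rule: 53 may be dropped from TCP_IN and UDP_IN when no DNS server listens on the box, but must stay in TCP_OUT and UDP_OUT so the server can query its resolvers. The `NAME = "ports"` line format mirrors csf.conf; the sample port lists are made up.

```shell
#!/bin/sh
# Constructed sample of the four csf.conf port fields (not a real server's config).
SAMPLE_CONF='TCP_IN = "20,21,22,25,53,80,443"
TCP_OUT = "20,21,22,25,53,80,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"'

# Print the comma-separated port list of one field (e.g. UDP_IN) from csf.conf text.
field_ports() {
  printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p"
}

# Return 0 if the comma-separated list in $2 contains port $1 (single ports only;
# csf.conf range entries such as 30000:35000 are not expanded here).
has_port() {
  printf '%s\n' "$2" | tr ',' '\n' | grep -qx "$1"
}

# Check the four fields: 53 is optional in the _IN fields (no local DNS server)
# but required in the _OUT fields. Returns 1 if an _OUT field lacks it.
check_dns_ports() {
  conf="$1"; status=0
  for f in TCP_IN UDP_IN; do
    if has_port 53 "$(field_ports "$f" "$conf")"; then
      echo "$f: 53 present -> not needed unless a DNS server listens here"
    else
      echo "$f: 53 absent -> ok"
    fi
  done
  for f in TCP_OUT UDP_OUT; do
    if has_port 53 "$(field_ports "$f" "$conf")"; then
      echo "$f: 53 present -> ok, the server can reach its resolvers"
    else
      echo "$f: 53 absent -> name resolution from this server will fail"; status=1
    fi
  done
  return $status
}

check_dns_ports "$SAMPLE_CONF"
```

Replies to the server's own outbound queries return to the query's ephemeral source port and are matched by the firewall's connection tracking as part of that outbound flow, which is why they do not need 53 in UDP_IN.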