Configuring DNS on firewall

Feb 27th, 2009
Is it necessary to allow both UDP and TCP port 53 for accessing DNS servers through a firewall access-list?

Correct Answer
vikram_anumukonda Fri, 02/27/2009 - 19:49

tcp/53 is used for zone transfers. If you are doing just normal queries, udp/53 will suffice.

vikram_anumukonda Fri, 02/27/2009 - 20:03

Here is another reason why tcp/53 is used: "A client can use TCP whenever it wants, and has to use TCP when the response it gets via UDP is truncated because it is too long."
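
The truncation fallback quoted above, as an added example that is not part of the original thread: it reads the TC bit from a UDP response header and shows what a client can do next when tcp/53 is or is not permitted. The function names and the sample response are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # set on responses
TC_FLAG = 0x0200  # truncation bit in the DNS header flags (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def sample_response(query, truncated):
    """Constructed reply header for the demo, not captured traffic."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:]

def needs_tcp_retry(query, udp_response):
    """True when a matching UDP response arrived with the TC bit set."""
    if len(udp_response) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", udp_response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR_FLAG:
        raise ValueError("not a response to this query")
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP sends a 2-byte big-endian length before each message."""
    return struct.pack("!H", len(message)) + message

def next_step(query, udp_response, tcp_53_allowed):
    """What the client can do next under the firewall policy."""
    if not needs_tcp_retry(query, udp_response):
        return "answered-over-udp"
    return "retry-over-tcp" if tcp_53_allowed else "full-answer-unreachable"

if __name__ == "__main__":
    q = build_query("example.com")
    for truncated in (False, True):
        for allowed in (True, False):
            r = sample_response(q, truncated)
            print(f"TC={truncated} tcp/53 allowed={allowed}: {next_step(q, r, allowed)}")
```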


duncanm Wed, 03/04/2009 - 08:49
tcp/53 is also used for large transfers.
