Are spurious TCP connections on port 53 a problem?
Posted by Darren Greaves on Server Fault
Published on 2010-08-11T07:05:26Z
Indexed on 2012/07/05 3:17 UTC
I run a server which, amongst other things, uses tinydns for DNS and axfrdns for handling transfer requests from our secondary DNS (another system). I understand that tinydns uses port 53 on UDP and axfrdns uses port 53 on TCP.
I've configured axfrdns to only allow connections from my agreed secondary host. I run logcheck to monitor my logs and every day I see spurious connections on port 53 (TCP) from seemingly random hosts. They usually turn out to be from ADSL connections.
My question is: are these innocent requests or a security risk? I am happy to block repeat offenders using iptables but don't want to block innocent users of one of the websites I host.
Thanks, Darren.
© Server Fault or respective owner