Are spurious TCP connections on port 53 a problem?

Posted by Darren Greaves on Server Fault See other posts from Server Fault or by Darren Greaves
Published on 2010-08-11T07:05:26Z Indexed on 2012/07/05 3:17 UTC
Read the original article Hit count: 666

Filed under:
|

I run a server which amongst other things uses tinydns for DNS and axfrdns for handling transfer requests from our secondary DNS (another system). I understand that tinydns uses port 53 on UDP and axfrdns uses port 53 on TCP.

I've configured axfrdns to only allow connections from my agreed secondary host. I run logcheck to monitor my logs and every day I see spurious connections on port 53 (TCP) from seemingly random hosts. They usually turn out to be from ADSL connections.

My question is; are these innocent requests or a security risk? I am happy to block repeat offenders using iptables but don't want to block innocent users of one of the websites I host.

Thanks, Darren.

© Server Fault or respective owner

Related posts about linux

Related posts about dns