BIND Disabled & Port 53 blocked
Hi all,
I've disabled BIND and blocked port 53 TCP & UDP inbound, because my authoritative nameservers are with my Registrar and I don't need to provide a nameserver to anyone as I'm not hosting anyone now or in the future.
Could anybody please advise whether I *should* block port 53 completely (TCP/UDP inbound & outbound) or whether I need to leave TCP/UDP inbound or outbound open, and why?
It doesn't appear to have caused any issues thus far?
No, you still need to query outbound because your server still needs to resolve domains.
Hello, You may also find the following third-party URL informative: When would I open Port 53 for DNS? Thank you.
Does anyone know why, if I've disallowed port 53 altogether, I can still 'dig' from my GoDaddy VPS? I obviously want to be able to, but for testing purposes I thought that should've broken the functionality?
Hello, Could you let us know the specific dig command you used? For instance, can you reproduce the issue when using a public name server (e.g. dig @8.8.8.8) instead of the resolvers defined in your /etc/resolv.conf file? Thank you.
Hi Michael, Here's the result of your query:
dig 8.8.8.8 [screenshot]
dig google.com [screenshot]
Note: 8.8.8.8 was in my resolv.conf for the second screenshot :) Thanks! Is this strange to you? (that it digs when 53 is not open in or out on tcp or udp)
I recommend consulting with your data center or hosting provider to verify if any special configurations are utilized for DNS traffic over port 53. Thank you.
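
One way to run the check suggested in this thread, as an added example that is not part of the original posts: it queries an explicit resolver over UDP and TCP separately, so the resolvers in /etc/resolv.conf are bypassed and each transport is reported on its own. The `probe` and `report` helpers and the script name are hypothetical; the script relies on dig exiting with status 9 when no reply arrives from the server.

```shell
#!/bin/sh
# Added example: test whether outbound DNS (port 53) really leaves this host.
# Querying "@<resolver>" bypasses /etc/resolv.conf, so a local or
# provider-side resolver cannot mask a firewall block.

# probe <udp|tcp> <resolver-ip> [name]
# Prints "open", "blocked" or "error"; returns 0 only when a reply arrived.
probe() {
    case "$1" in
        udp) flag=+notcp ;;   # force UDP
        tcp) flag=+tcp ;;     # force TCP
        *)   echo error; return 2 ;;
    esac
    rc=0
    # +time/+tries stop a silently dropped packet from stalling the test.
    dig "@$2" "${3:-example.com}" A "$flag" +time=2 +tries=1 +short \
        >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo open;    return 0 ;;   # any DNS reply means traffic passed
        9) echo blocked; return 1 ;;   # dig: no reply from server
        *) echo error;   return 2 ;;   # usage or internal dig error
    esac
}

# report <resolver-ip>: one result line per transport.
report() {
    for t in udp tcp; do
        printf '%s/53 -> %s: %s\n' "$t" "$1" "$(probe "$t" "$1")"
    done
}

# Runs only when a resolver is given, e.g.: sh dns53-probe.sh 8.8.8.8
if [ "$#" -gt 0 ]; then report "$1"; fi
```

If both lines report "open" while the local firewall is believed to block port 53 outbound, the rules are either not applied to outbound traffic or are overridden upstream, which is the case the last reply suggests raising with the hosting provider.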