I added NAT on my router to open up port 53.  Is that what you are 
referencing?


On 2014-12-07 23:28, Michael Butash wrote:
> You'll want to allow tcp/53 if doing any sort of public dns - anything
> greater than 1500 bytes (ie most domain-keys//spf records), and also
> any anomaly mitigation gear (the things that keep 400gb DDoS at bay)
> use that to figure our if you're real or not.  Blocking tcp for dns is
> not a good idea as a whole, it's just RFC-compliant behavior things
> expect.
> 
> -mb
> 
> 
> On 12/07/2014 09:17 PM, der.hans wrote:
>> BTW, also firewall TCP port 53 to only allow connections from your 
>> slaves
>> unless you're certain you really want it open.
>> 
>> ciao,
>> 
>> der.hans
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss