Netgate Discussion Forum

    Port 53 question

    2.1 Snapshot Feedback and Problems - RETIRED
      databeestje

      NAT reflection for DNS does not work, sorry.

        yon

        @databeestje:

        NAT reflection for DNS does not work, sorry.

        Well... why is that? :o

        Then how do I connect to port 53 using the public IP address?

        If you are interested in free peering for clearnet and dn42,contact me !

          databeestje

          It will work fine when traffic comes in over the internet; it does not work when trying to connect to the external address from the inside.

            yon

            @databeestje:

            It will work fine when traffic comes in over the internet; it does not work when trying to connect to the external address from the inside.

            I can visit the external address on port 80 from the LAN; I just don't understand why port 53 cannot do this.

              jimp Rebel Alliance Developer Netgate

              NAT reflection does not work for any UDP traffic. There is already an open ticket about it.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

                yon

                @jimp:

                NAT reflection does not work for any UDP traffic. There is already an open ticket about it.

                OK. Then it should allow DNS to use TCP. I have submitted a ticket about DNS over TCP.

                  jimp Rebel Alliance Developer Netgate

                  I doubt that will gain much support, it is a lot of work for very little benefit. At any moment your ISP could realize what's going on and block DNS over TCP also and it would be a bunch of work wasted. But if someone else is doing the work, have at it…

                  Fixing NAT reflection for UDP is the real fix for this issue.

                    yon

                    @jimp:

                    I doubt that will gain much support, it is a lot of work for very little benefit. At any moment your ISP could realize what's going on and block DNS over TCP also and it would be a bunch of work wasted. But if someone else is doing the work, have at it…

                    Fixing NAT reflection for UDP is the real fix for this issue.

                    Yes. Fixing NAT reflection for UDP.

                    Because of defects in the UDP protocol itself, it easily leads to data tampering and counterfeiting, so using TCP will help prevent tampering with and falsification of data.

                    And there is some code for the security issue: http://forum.pfsense.org/index.php/topic,48520.0.html

                      jimp Rebel Alliance Developer Netgate

                      Yeah but those don't belong here in the 2.1 board since they will not happen for 2.1.

                      Not sure any of those will happen, they all seem to be specific to certain other services or practices and require both a client and server component… If you're tunneling to your own DNS server, may as well use a VPN.

                      DNSSEC can help with the verification part, but still not relevant to this topic. This is only about reflection for UDP.

                        yon

                        This is not about VPN, and a VPN can't solve it.

                        I have now built a DNS server in my LAN network. When my DNS server or another server transfers any data to the internet, the data is forged and tampered with by the government ISP.

                        This is a security issue. If the pfSense gateway solved it, that would be a good thing.

                          jimp Rebel Alliance Developer Netgate

                          …and still not relevant to this thread. If you want to argue all that, use your other thread(s) that cover that specifically.
