Which Port Do I use to route DNS?

[warmpapi]

We have a Server that is running DNS on the internal end of a PIX firewall and would like to open up a port to allow vendors on the external side of the port to communicate effectively with the server? Does this compromise any security? I bet you can tell I'm new at this. Thanks.

Rob

 

[lardum]

It's port 53, both ways... UDP and TCP too...

Regards

Lars

 

[kirke]

You may also require UDP/TCP ports 82 to provide XFERNETS (zone transfers) from one name server to another. For example, from a name server acting as secondary (slave) on the DMZ and a primary (master) name server operating at the ISP beyond the outside interface. If the primary name server was inside the network, say on the DMZ, a typical configuration with little or no filtering of OUTGOING traffic would allow XFERNETS of zone files to the off-site secondary name server without error, since the replication is only one way.

Caching name servers provide no XFERNETS functionality and so can be used in even heavily secured DMZ security policies.